Security hole in Cisco IOS

A vulnerability in Cisco's Internetwork Operating Software (IOS) could be exploited for a denial-of-service attack.

This Content Component encountered an error
This Content Component encountered an error
This Content Component encountered an error

Cisco Systems has upgraded its Internetwork Operating Software (IOS) to fix a security hole malicious people could use to unleash denial-of-service attacks.

According to the San Jose, Calif.-based networking giant, IOS release trains 12.1YD, 12.2T, 12.3 and 12.3T may contain a vulnerability when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST). The problem is in how certain malformed control protocol messages are processed, the company said, adding, "A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a denial of service."

Cisco has made free software upgrades available "to address this vulnerability for all affected customers."

Dan Jackson, president and COO of Dallas-based security firm DeepNines Technologies, warned in a statement that this flaw could signal a greater threat to routers going forward. "From a security standpoint, 2005 is the year that the router becomes the Achilles heel of the network," he said. "Where there's smoke, there's fire -- meaning these won't be the last router vulnerabilities we hear about this year."

He added: "Cisco's greatest asset, its large market share, could become one of its most glaring weaknesses. Just as Microsoft's market share makes it a target for attackers, so, too, Cisco could begin to suffer attacks more regularly. The real problem is that there has been virtually no protection for routers…"

That assessment is in contrast to that of Danish security firm Secunia, which labels the IOS problem "less critical" in its advisory.

This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

This Content Component encountered an error
This Content Component encountered an error

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close