February 14, 2007 10:06 AM PST

Cisco warns of more router vulnerabilities

The intrusion prevention capabilities of Cisco Systems' routers could be prone to attack, after the networking giant revealed two vulnerabilities in its key operating system.

The vulnerabilities affect those versions of Cisco's Internetwork Operating System (IOS) that start with "12.3" and "12.4". Almost all Cisco routers run a version of IOS. The flaws allow a hacker to circumvent the IPS protection built into the affected routers and also cause routers to crash.

IPS is an inspection feature found in many networking products, including those from Cisco, that aims to block unauthorized network access and malicious code in real time.

In a security advisory, Cisco said there were two vulnerabilities: one that could lead to the IPS being circumvented, and the other that could cause a denial-of-service condition. Exploitation of the first weakness "may result in an attacker being able to evade detection by an IOS IPS device. This could allow protected systems to be covertly attacked," Cisco warned. A hacker exploiting the second vulnerability "may cause an IOS IPS device to crash."

Cisco urged IT managers who run affected routers to patch the IOS.

Last month, Cisco found two other vulnerabilities in IOS. The first weakness could lead to a denial-of-service attack, while the second one allows hackers to execute malicious code on the device in question. Following news of the vulnerabilities, Cisco made patches available.

Cisco's routers are the most popular enterprise routers in the world. As such, IOS is the network operating system that many hackers try to exploit.

Richard Thurston of ZDNet UK reported from London.

See more CNET content tagged:
Cisco IOS, Cisco Systems Inc., intrusion prevention, vulnerability, hacker

3 comments

Join the conversation!
Add your comment
Stop reporting these or get them right
"The vulnerabilities affect those versions of Cisco's Internetwork Operating System (IOS) that start with "12.3" and "12.4". Almost all Cisco routers run a version of IOS. The flaws allow a hacker to circumvent the IPS protection built into the affected routers and also cause routers to crash."

There are many many builds of IOS and very few routers running IOS 12.3 or 12.4 are running builds with IPS functionality.

Even in the few builds that did ship with this functionality, the feature is off by default and must be turned on to be exploited.

What this means is that this impacts literally only a handful of customers.

Additionally, this only means they can get around having IPS inspect their packets by using a method to fragment them.

So using this method, targeting a small handful of users, under a specific set of circumstances, an attacker can get traffic on to the network. (assuming they have not patched yet).

You make it sound like all routers are impacted, when the reality is a miniscule fraction of that.

I do have to give you credit for actually linking the security advisory though, CNET usually does not bother.
Posted by Dachi (797 comments )
Reply Link Flag
Stop reporting these or get them right
"The vulnerabilities affect those versions of Cisco's Internetwork Operating System (IOS) that start with "12.3" and "12.4". Almost all Cisco routers run a version of IOS. The flaws allow a hacker to circumvent the IPS protection built into the affected routers and also cause routers to crash."

There are many many builds of IOS and very few routers running IOS 12.3 or 12.4 are running builds with IPS functionality.

Even in the few builds that did ship with this functionality, the feature is off by default and must be turned on to be exploited.

What this means is that this impacts literally only a handful of customers.

Additionally, this only means they can get around having IPS inspect their packets by using a method to fragment them.

So using this method, targeting a small handful of users, under a specific set of circumstances, an attacker can get traffic on to the network. (assuming they have not patched yet).

You make it sound like all routers are impacted, when the reality is a miniscule fraction of that.

I do have to give you credit for actually linking the security advisory though, CNET usually does not bother.
Posted by Dachi (797 comments )
Reply Link Flag
ohh good post and i am using <a href="http://www.purevpn.com/vpn-service/router-vpn.php">router vpn</a> service provided by purevpn how is that?
Posted by purevpn (3 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.