
February 14, 2007 10:06 AM PST

Cisco warns of more router vulnerabilities

The intrusion prevention capabilities of Cisco Systems' routers could be prone to attack, after the networking giant revealed two vulnerabilities in its key operating system.

The vulnerabilities affect those versions of Cisco's Internetwork Operating System (IOS) that start with "12.3" and "12.4". Almost all Cisco routers run a version of IOS. The flaws allow a hacker to circumvent the IPS protection built into the affected routers and also cause routers to crash.

IPS is an inspection feature found in many networking products, including those from Cisco, that aims to block unauthorized network access and malicious code in real time.

In a security advisory, Cisco said there were two vulnerabilities: one that could lead to the IPS being circumvented, and the other that could cause a denial-of-service condition. Exploitation of the first weakness "may result in an attacker being able to evade detection by an IOS IPS device. This could allow protected systems to be covertly attacked," Cisco warned. A hacker exploiting the second vulnerability "may cause an IOS IPS device to crash."

Cisco urged IT managers who run affected routers to patch the IOS.

Last month, Cisco found two other vulnerabilities in IOS. The first weakness could lead to a denial-of-service attack, while the second one allows hackers to execute malicious code on the device in question. Following news of the vulnerabilities, Cisco made patches available.

Cisco's routers are the most popular enterprise routers in the world. As such, IOS is the network operating system that many hackers try to exploit.

Richard Thurston of ZDNet UK reported from London.

Stop reporting these or get them right
by Dachi February 15, 2007 12:40 AM PST
"The vulnerabilities affect those versions of Cisco's Internetwork Operating System (IOS) that start with "12.3" and "12.4". Almost all Cisco routers run a version of IOS. The flaws allow a hacker to circumvent the IPS protection built into the affected routers and also cause routers to crash."

There are many, many builds of IOS and very few routers running IOS 12.3 or 12.4 are running builds with IPS functionality.

Even in the few builds that did ship with this functionality, the feature is off by default and must be turned on to be exploited.

What this means is that this impacts literally only a handful of customers.

Additionally, this only means they can get around having IPS inspect their packets by using a method to fragment them.

So using this method, targeting a small handful of users, under a specific set of circumstances, an attacker can get traffic onto the network (assuming they have not patched yet).

You make it sound like all routers are impacted, when the reality is a minuscule fraction of that.

I do have to give you credit for actually linking the security advisory though, CNET usually does not bother.
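As an added illustration (not code from the article, the commenter, or Cisco), a small Python model of the point raised above: a signature matcher that inspects each fragment on its own misses a pattern split across fragment boundaries, while one that reassembles the datagram by offset before matching catches it and fails closed on malformed reassembly. The signature, flow id and fragment layout are constructed; the article does not describe the actual IOS IPS defect, so this is a generic model, not that bug.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Iterable

SIGNATURE = b"EVIL-PATTERN"  # constructed signature, not a real IPS rule


@dataclass(frozen=True)
class Fragment:
    flow_id: str   # identifies the original datagram (src, dst, IP id)
    offset: int    # byte offset of this piece within the full payload
    data: bytes
    more: bool     # True unless this is the final fragment


def fragment_payload(payload: bytes, size: int) -> list[Fragment]:
    """Split a payload into fixed-size fragments (constructed test input)."""
    frags = []
    for off in range(0, len(payload), size):
        chunk = payload[off:off + size]
        frags.append(Fragment("flow-1", off, chunk, off + size < len(payload)))
    return frags


def inspect_per_fragment(frags: Iterable[Fragment]) -> bool:
    """Naive inspector: matches the signature against each fragment alone.
    A signature that straddles a fragment boundary is never seen whole."""
    return any(SIGNATURE in f.data for f in frags)


def inspect_reassembled(frags: Iterable[Fragment]) -> bool:
    """Hardened inspector: reassembles each flow by offset, then matches.
    Returns True when traffic should be blocked (match or malformed)."""
    flows: dict[str, list[Fragment]] = {}
    for f in frags:
        flows.setdefault(f.flow_id, []).append(f)
    for parts in flows.values():
        parts.sort(key=lambda f: f.offset)
        buf = bytearray()
        for f in parts:
            if f.offset != len(buf):   # gap or overlap between fragments
                return True            # fail closed rather than guess
            buf += f.data
        if parts[-1].more:             # final fragment never arrived
            return True                # incomplete datagram: fail closed
        if SIGNATURE in buf:
            return True
    return False
```

Out-of-order fragments are handled by the sort on offset, so the reassembled check gives the same verdict regardless of arrival order.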