Juniper routers exposed to attack

Networking company Juniper Networks is encouraging customers to upgrade their routers to fix a serious vulnerability in its operating system.

Juniper's M- and T-Series routers are affected by the flaw in the version 6 series of Junos, which makes them vulnerable to denial-of-service attacks. Such an attack could allow a hacker to gain access to the router and crucial areas of a company's network.

Juniper confirmed the existence of the security hole in Junos on Monday.

"It is being fixed, in that our customers are upgrading, but I'm not able to give any more details," said Penny Still, a spokeswoman for Juniper.

According to security research firm Secunia, the vulnerability has "moderately critical" implications for networks. In an advisory posted to its Web site, the Danish company said that the flaw was in an unspecified error in processing certain network packets. It recommended that companies upgrade the operating systems on their routers.

The vulnerability is thought to affect routers running versions of Junos installed before Jan. 7 this year. It was discovered by U.S. company Qwest Communications.

The Juniper warning comes after Cisco Systems sent out two alerts of security holes in its router software. On Jan. 21, the networking giant posted a warning on its Web site to say routers connected to its IP telephony gear could be vulnerable to denial-of-service attacks. Then last week, Cisco announced it had uncovered three more security flaws in its routing software that could open the door to the same kind of intruder.

Dan Ilett of ZDNet UK reported from London.