Check out AT&T's FREE camera phones
January 25, 2007 8:52 AM PST
Trio of Cisco flaws may threaten networks
- Related Stories
-
Cisco squashes 'critical' Net attack bug
November 2, 2005 -
New Cisco flaw could pose threat to Net
September 7, 2005 -
Bug hunters, software firms in uneasy alliance
September 6, 2005 -
More legal threats over Cisco flaws
July 29, 2005 -
Cisco details controversial router flaw
July 29, 2005 -
Flaw researcher settles dispute with Cisco
July 28, 2005 -
Cisco hits back at flaw researcher
July 27, 2005 -
Cisco warns of security flaws
July 14, 2005 -
Cisco finds more security flaws in router software
January 26, 2005 -
Cisco finds security flaw in router software
January 21, 2005 -
Cisco flaw opens networks to attacks
August 19, 2004 -
Cisco plans network software overhaul
April 21, 2004 -
Code attacks Cisco vulnerabilities
March 29, 2004 -
Cisco warns of serious router flaw
July 16, 2003
The vulnerabilities lie in Cisco's Internetwork Operating System and could be exploited to crash or remotely run malicious code on devices that run the software, the San Jose, Calif., networking giant warned Wednesday in security advisories. IOS runs on Cisco's routers and switches, which make up a large portion of the Internet's infrastructure.
Cisco's warning prompted the U.S. Computer Emergency Readiness Team, or US-CERT, to issue an alert. "A remote attacker may be able to execute arbitrary code on an affected device, cause an affected device to reload the operating system, or cause other types of denial of service," US-CERT said on it Web site.
Being able to execute arbitrary code means that an attacker could change the configuration of a router or switch, redirecting traffic or potentially sniffing the data that travels through a Cisco device. In a denial-of-service attack a vulnerable router or switch would be taken offline, disrupting any traffic it is tasked to channel.
"Because devices running IOS may transmit traffic for a number of other networks, the secondary impacts of a denial of service may be severe," US-CERT said.
The impact of each of the three vulnerabilities is different. The most serious of the problems, which relates to how IOS handles specific data packets, affects a broad range of Cisco devices. This includes routers and switches used by telecommunications companies that use Cisco's gear to shuttle data traffic across networks.
"These are serious issues and patches need to be applied as soon as possible," said Gunter Ollmann, director of security strategy for IBM Internet Security Systems. "From our monitoring of underground channels there are a lot of people interested in these and actively working on exploits."
Cisco has software updates available to address the vulnerabilities, the company said in each of its alerts. "Cisco is also not aware of any current exploitation of these vulnerabilities," the company added.
Will Sturgeon of Silicon.com in London contributed to this story.
See more CNET content tagged:
Cisco IOS,
Cisco Systems Inc.,
router,
denial of service,
computer network
