Cisco warns of IOS router flaws

By

Software vulnerabilities could lead to unauthorised access.

Cisco warns of IOS router flaws
Cisco Systems is urging network administrators to update router firmware to secure against two vulnerabilities in its IOS software. 

The IOS vulnerabilities lie in more than 26 variants of 12.3 and 12.4 versions of the IOS router operating system. 

Cisco has issued a patch for both vulnerabilities, which affect the Intrusion Prevention System (IPS) security component of the software. IPS is disabled in systems by default and must be manually enabled.

If exploited, one of the vulnerabilities could allow an unauthorised user to bypass the security software. Attackers could use the second flaw to launch a denial of service attack that could cause a router to crash.

"Both flaws pose serious risks to vulnerable Cisco systems. You definitely do not want attackers knocking your gateway router out for any amount of time," said Cory Nachreiner, network security analyst at WatchGuard. 

"Moreover, if you use Cisco's IPS you certainly do not want an attacker to be able to evade it."

Cisco routers run about three quarters of the world's networks, but Nachreiner quelled concerns by pointing out that the affected component is disabled in most systems.

"If you use one of the vulnerable versions of IOS listed in the Vulnerable Products section of Cisco's alert, and you have enabled IPS, then get patching. Otherwise, it's no big deal."

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
ciscoflawsiosofroutersecuritywarns

Sponsored Whitepapers

Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.

Events

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments
Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"
SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy
Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?