Cisco warns of IOS router flaws

By

Software vulnerabilities could lead to unauthorised access.

Cisco warns of IOS router flaws
Cisco Systems is urging network administrators to update router firmware to secure against two vulnerabilities in its IOS software. 

The IOS vulnerabilities lie in more than 26 variants of 12.3 and 12.4 versions of the IOS router operating system. 

Cisco has issued a patch for both vulnerabilities, which affect the Intrusion Prevention System (IPS) security component of the software. IPS is disabled in systems by default and must be manually enabled.

If exploited, one of the vulnerabilities could allow an unauthorised user to bypass the security software. Attackers could use the second flaw to launch a denial of service attack that could cause a router to crash.

"Both flaws pose serious risks to vulnerable Cisco systems. You definitely do not want attackers knocking your gateway router out for any amount of time," said Cory Nachreiner, network security analyst at WatchGuard. 

"Moreover, if you use Cisco's IPS you certainly do not want an attacker to be able to evade it."

Cisco routers run about three quarters of the world's networks, but Nachreiner quelled concerns by pointing out that the affected component is disabled in most systems.

"If you use one of the vulnerable versions of IOS listed in the Vulnerable Products section of Cisco's alert, and you have enabled IPS, then get patching. Otherwise, it's no big deal."

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Log In

  |  Forgot your password?