Vulnerabilities in software running on Cisco routers, switches

By

Cisco has reported two vulnerabilities affecting a feature designed to protect software being used in the networking giant's widely deployed switchers and routers.

Vulnerabilities in software running on Cisco routers, switches
According to a company advisory issued Tuesday, the IPS component of Cisco’s IOS (internetworking operating system), the more serious of the two flaws may allow malicious traffic to be delivered as IP packets to bypass signature detection.

"This could allow protected systems to be covertly attacked," the advisory said.

The other vulnerability could lead to a DoS condition and a system crash if certain network traffic uses the "regular expression feature of the ATOMIC.TCP signature engine."

Vulnerability tracking firm Secunia rated the two bugs "moderately critical" today.

In lieu of a patch, Cisco said there is a mitigation and workaround, respectively, for the two vulnerabilities.

The IPS detects for and attempts to block malicious traffic in real time. IOS software is largely used in Cisco routers and switches.

The vulnerable IOS versions are 12.3 and 12.4.

Cisco also reported today numerous vulnerabilities impacting its PIX (private internet exchange), ASA (adaptive security appliance), and FWSM (firewall services module) products.

Only one of the flaws could lead to the remote execution of code, the company said in another advisory.

Click here to email reporter Dan Kaplan.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
ciscoinonroutersrunningsecuritysoftwareswitchesvulnerabilities

Sponsored Whitepapers

Optus Enterprise Mobility
Optus Enterprise Mobility
Life After VMware: Scale Securely with mCloud by Micron21
Life After VMware: Scale Securely with mCloud by Micron21
Cut Cloud Costs Without Compromise: Discover mCloud by Micron21
Cut Cloud Costs Without Compromise: Discover mCloud by Micron21
What 4 wholesale distribution challenges aren’t going away anytime soon?
What 4 wholesale distribution challenges aren’t going away anytime soon?
State of the SOC: Building Resilience in a Shifting Threat Landscape
State of the SOC: Building Resilience in a Shifting Threat Landscape

Events

Most Read Articles

First npm worm "Shai-Hulud" released in supply chain attack

First npm worm "Shai-Hulud" released in supply chain attack
"VoidProxy" PhishKit targets Google and Microsoft users

"VoidProxy" PhishKit targets Google and Microsoft users
Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip
Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?