CERT and Cisco Warn of IOS Flaws
DoS or arbitrary code execution possible.
Security firm Secunia has labeled the vulnerabilities highly critical. IOS is Cisco's embedded operating system, which runs on Cisco routers and switches that are widely deployed worldwide. If exploited, the vulnerabilities in IOS could lead to a denial of service (DoS) attack or arbitrary code execution.
One of the flaws may have allowed an attacker to exploit IOS by way of a specially crafted IP packet. Cisco notes in its advisory that it discovered the flaw during internal testing.
"Because devices running IOS may transmit traffic for a number of other networks, the secondary impacts of a denial of service may be severe," said US-CERT in its alert.
The third flaw reported by Cisco involves a maliciously crafted IPv6 packet that could potentially crash IOS. Cisco notes in its advisory that the flaw was initially reported by a customer and that a further trigger vector was discovered while developing the fix for this vulnerability.
Cisco is providing fixes to its customers for all of the reported issues.
Article courtesy of internetnews.com