Security firm Secunia has labeled the vulnerabilities highly critical. IOS is Cisco’s embedded operating system, which runs on Cisco routers and switches that are widely deployed worldwide. If exploited, the vulnerabilities in IOS could potentially lead to a denial of service (DoS) attack or arbitrary code execution.
One of the flaws may have allowed an attacker to exploit IOS by way of a specially crafted IP packet. Cisco notes in its advisory that it discovered the flaw during internal testing.
A memory leak condition in how IOS handles TCP packets could also potentially have been exploited, leading to a degradation of service or a full-fledged DoS attack. According to Cisco, this vulnerability applies only to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.
“Because devices running IOS may transmit traffic for a number of other networks, the secondary impacts of a denial of service may be severe,” said US-CERT in its alert.
The third flaw reported by Cisco involves a crafted IPv6 packet that could potentially crash IOS. Cisco notes in its advisory that the flaw was initially reported by a customer and that a further trigger vector was discovered while developing the fix for this vulnerability.
Cisco is providing fixes to its customers for all of the reported issues.
Article courtesy of internetnews.com