Cisco According to the UK-based National Infrastructure Security Co-ordination Centre, which reported the flaw Tuesday, the The NISCC said the exploit targets hosts connected to an IP network using A successful exploit could cause the impacted devices to crash or Cisco said products that could be affected by the flaw are DNS clients, In addition, its ATA (Analog Telephone Adaptor) 186/188 However, no Cisco products performing DNS server functions, or DNS packet NISCC said the issue was identified by Steve Beaty from the However, because many vendors include support for this protocol in their issued a patch for a domain name system
vulnerability that could put some of its routers and Voice Over IP products
at risk for exploits.
vulnerability could leave some systems open to a Denial-of-Service
packet.
the DNS protocol to resolve names to IP addresses. It said an attacker could
craft a DNS packet containing invalid information in the compressed section,
which can result in an error in processing on the receiving host.
malfunction, leading to a DOS situation.
including its 7902/7905/7912 series of IP Phones, its Unity Express and
ACNS devices.
versions and its series 4400 content routers are at risk, as well as series 500 and 7300 content engines.
inspections, are currently known to be affected by this vulnerability.
Details on Cisco’s patch and systems that are not impacted, can be found here.
Department of
Mathematical and Computer Sciences at the Metropolitan State College of
Denver.
products, it is likely they have already issued patches for the
vulnerability. As a result, NISCC did not issue a severity rating on the
flaw and urged companies to contact the vendors it identified as affected by the vulnerability.