Cisco hardware vulnerable to Blaster worm

Users of some Cisco Systems Inc.’s products better beware – the Blaster worm that has been burrowing its way into Microsoft Corp.’s Windows-enabled systems around the world is also affecting some Cisco gear.

San Jose, Calif.-based Cisco said that affected customers have been experiencing high volumes of traffic from both internal and external systems, and symptoms include, but are not limited to, high CPU and traffic drops on the input interfaces.

Cisco said that the signature of the Blaster worm appears as UDP traffic to port 69 and as high volumes of traffic to port 135 and 4444. The company said the effects of the worm can be assuaged by blocking the ports it uses to multiply itself, scanning for new infections, and by propagating the executable code.

However, blocking these ports might have side effects including disabling file sharing functionality within the network, breaking existing TFTP functionality within the network, and blocking existing Kerberos authentication functions and Oracle 9i implementations, the company said.

The following products require a patch from Cisco: Cisco CallManager; Cisco Building Broadband Service Manager v5.1, v5.2 and HotSpot 1.0; Cisco Response Application Server; Cisco Personal Assistant; Cisco Conference Connection; Cisco Emergency Responder.

Cisco also recommends that users, who have Cisco products that run on a Microsoft operating system, load the patch from Microsoft, based in Redmond, Wash., at

For a list of Cisco affected products visit