Cisco warns of new router flaw

Network gear maker Cisco Systems Inc. issued a bulletin on Wednesday detailing a vulnerability found in its routers and switches that run its operating system software, which could cause the network devices to crash.

According to Cisco, routers and switches configured to process Internet Protocol version 4 (IPv4) packets, in addition to running its IOS 11.x and 12.x software, are at risk of denial of service (DoS) attacks.

Cisco explained that attackers can virtually trick routers to think input queues -storage areas for incoming data – are full. Network administrators would be faced with a crashed router and would inevitably have to reboot the system to clear the queues.

According to a statement issued by Internet Systems Security (ISS), an Atlanta-based security software and services firm, the vulnerable platforms represent the vast majority of currently deployed Cisco devices. ISS also noted that attacks may be launched at specific targets or indiscriminately, causing widespread outages, and added that an attack is unlikely to be blocked by legacy firewall devices.

Cisco has issued a workaround to combat the problem. Registered users can find information using the Bug Toolkit at www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl. Non-registered users can find details at www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml.

The company recommended that all IOS devices, which process IPv4 packets be configured to block traffic directed to the router from any unauthorized source using Access Control Lists (ACLs).

So far, there have been no reported attacks related to the vulnerability. San Jose-based Cisco is online at www.cisco.com.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now