A flaw in the Cisco Internetwork Operating System (IOS) used in most Cisco routers could allow a hacker to completely crash a company’s phone network using a denial of service attack (DoS).
IOS software configured for the Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) phone systems contains the flaw.
In a statement on its website Cisco said a successful exploitation of the flaw "may cause a reload of the device which could be exploited repeatedly to produce a Denial of Service (DoS) attack".
Cisco has issued a patch to solve the problem in the affected products and more information is available at www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml
There are also workarounds available to reduce the risk of the problem, said Cisco.