Networking specialist Cisco has had to patch a series of security vulnerabilities affecting its routers and Call Manager software, some of which could be used to launch a denial-of-service (DoS) attack against the products.
The router bug affects all Cisco devices that run the company's Internetwork Operating System (IOS) software and have enabled a protocol called Stack Group Bidding Protocol (SGBP), which manages network access.
However, the SANS Institute believes the vulnerability does not affect many Cisco users, because SGBP is not widely used and devices that do not have the protocol enabled are not vulnerable.
The two other flaws relate to Cisco's Call Manager software, which is used to manage Voice over IP (VoIP) calls. The bugs could be exploited by an attacker to either launch a DoS attack against the Call Manager machine or to gain additional user privileges on such a system.
Call Manager users have been told to apply the patches, but with caution, and not to rush them for fear of crashing Call Manager and leaving their companies without phone service.
The VoIP flaw marks a new awareness problem for those tempted to adopt VoIP solutions. Not only is VoIP immature in terms of its security, but its patch management processes still need work as well.