Cisco combats router glitches


Cisco combats router glitches

Networking specialist Cisco has had to patch a series of security vulnerabilities affecting its routers and Call Manager software, some of which could be used to launch a denial-of-service (DoS) attack against the products.

The router bug affects all Cisco devices that use the company's Internetwork operating system software and that have enabled a protocol called Stack Group Bidding Protocol (SGBP), which manages network access.
However, the Sans Institute believes the vulnerability does not affect many Cisco users, because the SGBP is not used widely and devices that do not have the protocol enabled are not vulnerable.

The two other flaws relate to Cisco's Call Manager software, which is used to manage Voice over IP (VoIP) calls. The bugs could be exploited by an attacker to either launch a DoS attack against the Call Manager machine or to gain additional user privileges on such a system.

Call Manager users have been told to apply the patches, but only with caution, and not to rush them for fears of crashing Call Manager and leaving their companies without phone services.

The VoIP flaw marks a new awareness problem for those tempted to adopt VoIP solutions. Not only is VoIP immature in terms of its security, but its patch management processes still need work as well.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy