Users warned of new flaw in Cisco IOS

News

Users warned of new flaw in Cisco IOS

Antony Savvas

A vulnerability in Cisco's Internetwork Operating System (IOS) could be exploited by remote attackers to crash or run malicious code on devices that run the software.

IOS runs on Cisco's routers and switches, which make up a large portion of the internet's infrastructure, as well as being used across enterprises.

In an advisory note, Cisco said, "Successful exploitation of the vulnerability on Cisco IOS may result in a reload of the device or execution of arbitrary code. Repeated exploitation could result in a sustained denial of service attack."

The flaw does not affect all versions of IOS. Cisco has issued a patch to protect IOS versions 12.2ZH, 12.2ZL, 12.3, 12.3T, 12.4 and 12.4T.

Last month Cisco issued new passwords to registered users of its website after discovering a vulnerability in a search tool that could expose log-in details.

In August Cisco had to patch another flaw in IOS, which could allow a hacker to gain remote access to any router running the operating system using a buffer overflow attack. 

Analyst firm Gartner warned that the discovery of the flaw in the Cisco operating system opened up the possibility of more serious exploits against routers and switches and could stem from the theft of Cisco source code in 2004.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy