The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial-of-service condition, according to the Crafted TCP Packet Can Cause Denial of Service advisory issued by Cisco.
A second denial-of-service flaw affects Cisco routers and switches running IOS or Cisco IOS XR software. Attackers could exploit the flaw after processing an Internet control message protocol (ICMP) packet, protocol independent multicast version 2 (PIMv2) packet; pragmatic general multicast (PGM) packet; or a URL rendezvous directory (URD) packet containing a specific crafted IP option in the packet's IP header.
"Exploitation of the vulnerability may potentially allow for arbitrary code execution," Cisco warned.
Attackers could also crash a device running IOS software by processing a specially crafted IPv6 Type 0 routing header, according to the IPv6 Routing Header Vulnerability advisory issued by Cisco.
The Cisco bulletins prompted the Bethesda, Md.-based SANS Internet Storm Center (ISC) to post an advisory on its Web site.
"If you run Cisco switches or routers in your network, we advise you to review these bulletins in detail and take mitigative action where required," the ISC said.