Cisco Systems is urging network administrators to update their router firmware to secure themselves against a set of two vulnerabilities in its IOS software.
Cisco said that the vulnerabilities lie in more than 26 variants of the 12.3 and 12.4 versions of the IOS router operating system. The company has issued a patch for both vulnerabilities, which affect the Intrusion Prevention System (IPS) security component of the software. By default, IPS is disabled and must be manually enabled.
If exploited, one of the vulnerabilities could allow an unauthorized user to bypass the security software. Attackers could use the second flaw to launch a denial of service attack that causes a router to crash.
"Both flaws pose serious risks to vulnerable Cisco administrators. You definitely don't want attackers knocking your gateway router out for any amount of time," said network security analyst Cory Nachreiner with Watchguard. "Moreover, if you use Cisco's IPS you certainly don't want an attacker to be able to evade it."
Cisco routers run about three quarters of the world's networks, but Nachreiner quelled concerns by pointing out that the affected component is disabled in most systems.
"If you do use one of the vulnerable versions of IOS listed in the "Vulnerable Products" section of Cisco's alert, and you have enabled IPS, then get to patching, my friend. Otherwise, no big deal."