Careers & Certifications

12:01 PM
Connect Directly
RSS
E-Mail
50%
50%

Cisco Routers Vulnerable To Denial Of Service Attacks

Vulnerability affects Internetwork Operating Software configured for the Cisco IOS Telephony Service, Cisco CallManager Express, and Survivable Remote Site Telephony.

Cisco has revealed that vulnerabilities in its Internetwork Operating Software (IOS) can allow hackers to launch successful Denial of Services (DoS) attacks against routers for the Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME), and Survivable Remote Site Telephony (SRST).

A Cisco advisory notes that the vulnerability occurs when the routers process "certain malformed control protocol messages" sent by a hacker. The advisory continues, "A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS)."

Only routers that run IOS are vulnerable to the attack. A free patch is available to fix the problem. For more details about the attack and the patch, see Cisco Security Advisory: Vulnerability in Cisco IOS Embedded Call Processing Solutions.

A security company, DeepNines Technologies, warns that the vulnerability may only be the first leading edge of an assault on network routers in 2005.

"From a security standpoint, 2005 is the year that the router becomes the Achilles heel of the network," Dan Jackson, president and COO of DeepNines Technologies, said in a statement. "Where there's smoke, there's fire -- meaning these won't be the last router vulnerabilities we hear about this year."

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Cartoon
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Slideshows
Twitter Feed