Cisco has revealed that vulnerabilities in its Internetwork Operating Software (IOS) can allow hackers to launch successful Denial of Services (DoS) attacks against routers for the Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME), and Survivable Remote Site Telephony (SRST).
A Cisco advisory notes that the vulnerability occurs when the routers process "certain malformed control protocol messages" sent by a hacker. The advisory continues, "A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS)."
Only routers that run IOS are vulnerable to the attack. A free patch is available to fix the problem. For more details about the attack and the patch, see Cisco Security Advisory: Vulnerability in Cisco IOS Embedded Call Processing Solutions.
A security company, DeepNines Technologies, warns that the vulnerability may only be the first leading edge of an assault on network routers in 2005.
"From a security standpoint, 2005 is the year that the router becomes the Achilles heel of the network," Dan Jackson, president and COO of DeepNines Technologies, said in a statement. "Where there's smoke, there's fire -- meaning these won't be the last router vulnerabilities we hear about this year."