A Cisco advisory notes that the vulnerability occurs when the routers process "certain malformed control protocol messages" sent by a hacker. The advisory continues, "A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS)."
Only routers that run IOS are vulnerable to the attack. A free patch is available to fix the problem. For more details about the attack and the patch, see Cisco Security Advisory: Vulnerability in Cisco IOS Embedded Call Processing Solutions.
A security company, DeepNines Technologies, warns that the vulnerability may only be the first leading edge of an assault on network routers in 2005.
"From a security standpoint, 2005 is the year that the router becomes the Achilles heel of the network," Dan Jackson, president and COO of DeepNines Technologies, said in a statement. "Where there's smoke, there's fire -- meaning these won't be the last router vulnerabilities we hear about this year."