Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cisco Fixes "Critical" Router Security Hole

Cisco has fixed a critical security hole in its Internetwork Operating System (IOS) that could have allowed hackers to crash or take control of the routers and switches that form the backbone of the Internet and enterprise networks.

The networking giant only yesterday disclosed the flaw, even though it has know about it since July. The security hole first became known at the Black Hat security conference in July, when security expert Michael Lynn showed how to take control of Cisco routers using the security flaw. Cisco then squashed making the flaw public by going to court and getting a restraining order against publicly disclosing the security hole.

Cisco waited to publicly disclose the flaw until it was able to issue a patch that would fix it.

Cisco has issued an advisory and patch detailing the flaw and how to fix the hole. As with many other security holes, it exploits a heap-based buffer overflow vulnerability that allows hackers to take control of a router or switch.

The security hole affects all Cisco products that run IOS.