Network Computing is part of the Informa Tech Division of Informa PLC
Cisco Admits IOS Vulnerability
Cisco Systems Inc. (Nasdaq: CSCO), which has rarely been out of the security spotlight in the last few weeks, has announced a vulnerability in its IOS software that could leave users open to a damaging buffer overflow attack.
The vulnerability affects certain versions of the IOS software configured to run a firewall authentication proxy for File Transfer Protocol (FTP) and/or Telnet sessions. IOS software is at the heart of Cisco switches and routers.
Buffer overflow attacks occur when a program bombards a computer's temporary storage with more data than it can handle. The additional data may include malicious code that could cause problems elsewhere in the computer, such as disclosing confidential information.
Cisco, in a security advisory to users, is at pains to explain that products configured with the authentication proxy for HTTP and/or HTTPS are not affected by the vulnerability. Devices running IOS version 12.2 and earlier are also unaffected, according to the vendor, which added that the XR version of IOS is not prone to the vulnerability.
But security specialist Symantec Corp. (Nasdaq: SYMC), in its own note, rates the risk posed to affected users as "high." "Successful exploitation of this issue could cause a denial of service or potential execution of arbitrary code," it says.
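The conditions described above (an authentication proxy rule for FTP or Telnet, on a release later than 12.2) can be triaged from a saved running-config. The following is an added example, not code from Cisco or from this article; the sample configs are constructed, and the script assumes the standard `ip auth-proxy name <rule> {ftp|http|telnet}` rule syntax. It only shortlists devices for comparison against the advisory's list of affected releases.

```python
import re

# Constructed sample running-config excerpts (not taken from the advisory).
SAMPLE_AFFECTED = """\
version 12.3
hostname edge-rtr-01
ip auth-proxy name APRULE ftp
ip auth-proxy name APRULE http
interface FastEthernet0/0
 ip auth-proxy APRULE
"""
SAMPLE_HTTP_ONLY = """\
version 12.4
ip auth-proxy name WEBAUTH http
interface FastEthernet0/0
 ip auth-proxy WEBAUTH
"""

# Global rule definition: ip auth-proxy name <rule> <protocol>
RULE_RE = re.compile(r"^ip auth-proxy name (\S+) (ftp|telnet|http)\b", re.M | re.I)
# Interface-level application of a rule (indented, no "name" keyword)
APPLY_RE = re.compile(r"^[ \t]+ip auth-proxy (?!name\b)(\S+)[ \t]*$", re.M | re.I)
VERSION_RE = re.compile(r"^version (\d+)\.(\d+)", re.M)

def audit(config):
    """Return (status, hits); hits are (rule, protocol) pairs for FTP/Telnet
    auth-proxy rules that are actually applied to an interface."""
    m = VERSION_RE.search(config)
    version = (int(m.group(1)), int(m.group(2))) if m else None
    applied = {name.lower() for name in APPLY_RE.findall(config)}
    hits = sorted({(name, proto.lower())
                   for name, proto in RULE_RE.findall(config)
                   if proto.lower() != "http" and name.lower() in applied})
    if version is not None and version <= (12, 2):
        status = "unaffected-release"    # 12.2 and earlier, per the vendor
    elif hits:
        status = "check-advisory"        # FTP/Telnet proxy active on a later release
    else:
        status = "no-ftp-telnet-proxy"   # HTTP/HTTPS-only or no auth proxy
    return status, hits

if __name__ == "__main__":
    for label, cfg in (("affected sample", SAMPLE_AFFECTED),
                       ("http-only sample", SAMPLE_HTTP_ONLY)):
        print(label, audit(cfg))
```

A missing `version` line is treated like a later release, so a device with an active FTP or Telnet rule and no parseable version still lands in `check-advisory`.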