Network Computing is part of the Informa Tech Division of Informa PLC


Cisco Admits IOS Vulnerability

Cisco Systems Inc. (Nasdaq: CSCO), which has rarely been out of the security spotlight in the last few weeks, has announced a vulnerability in its IOS software that could leave users open to a damaging buffer overflow attack.

The vulnerability affects certain versions of the IOS software configured to run a firewall authentication proxy for File Transfer Protocol (FTP) and/or Telnet sessions. IOS software is at the heart of Cisco switches and routers.

Buffer overflow attacks occur when a program is sent more data than its temporary storage area (the buffer) can hold. The additional data may include malicious code that could cause problems elsewhere in the computer, such as disclosing confidential information.

Cisco, in a security advisory to users, is at pains to explain that products configured with the authentication proxy for HTTP and/or HTTPS are not affected by the vulnerability. Devices running IOS version 12.2 and earlier are also unaffected, according to the vendor, which added that the XR version of IOS is not prone to the vulnerability.
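The scoping conditions above can be turned into a quick configuration triage. The following is an added example, not code from Cisco's advisory or from this article; it assumes the IOS `ip auth-proxy name <rule> {ftp|http|telnet}` rule syntax and runs against a constructed sample configuration.

```python
import re

# Constructed sample running-config for illustration (not from Cisco's advisory).
SAMPLE_CONFIG = """\
version 12.3
hostname edge-rtr-01
ip auth-proxy name WEBAUTH http
ip auth-proxy name ADMIN telnet
ip auth-proxy name FILES ftp
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip auth-proxy ADMIN
!
interface FastEthernet0/1
 ip auth-proxy WEBAUTH
"""

VERSION_RE = re.compile(r"^version (\d+)\.(\d+)")
RULE_RE = re.compile(r"^ip auth-proxy name (\S+) (ftp|http|telnet)\b", re.I)
APPLY_RE = re.compile(r"^\s+ip auth-proxy (\S+)\s*$", re.I)

def audit_auth_proxy(config_text):
    """Flag FTP/Telnet auth-proxy rules; HTTP rules and IOS <= 12.2 are out of scope."""
    version, rules, applied, iface = None, {}, {}, None
    for line in config_text.splitlines():
        if line and not line[0].isspace():
            # Any top-level command ends the previous interface sub-mode.
            iface = line[10:].strip() if line.startswith("interface ") else None
        if m := VERSION_RE.match(line):
            version = (int(m.group(1)), int(m.group(2)))
        elif m := RULE_RE.match(line):
            rules[m.group(1)] = m.group(2).lower()
        elif iface and (m := APPLY_RE.match(line)):
            applied.setdefault(m.group(1), []).append(iface)
    risky = [{"name": n, "protocol": p, "interfaces": applied.get(n, [])}
             for n, p in rules.items() if p in ("ftp", "telnet")]
    excluded = version is not None and version <= (12, 2)
    # Conservative: an FTP/Telnet rule counts even if no interface references it yet.
    return {"version": version, "version_excluded": excluded,
            "risky_rules": risky, "needs_review": bool(risky) and not excluded}

if __name__ == "__main__":
    print(audit_auth_proxy(SAMPLE_CONFIG))
```

A `needs_review` result means the device matches the configuration conditions and should be checked against the advisory's list of affected releases; it does not by itself confirm that the running version is vulnerable.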

But security specialist Symantec Corp. (Nasdaq: SYMC), in its own note, rates the risk posed to affected users as “high.” “Successful exploitation of this issue could cause a denial of service or potential execution of arbitrary code,” it says.
