The hole, documented in bug ID CSCtk35917, exists in the second generation (CSG2) of the platform, which runs on the Cisco Service and Application Module for Internet Protocol. The CSG2 is used to bill users based on content by monitoring data traffic at layer 4 through layer 7.
For example, customers at an internet cafe running CSG2 could exploit the vulnerability to bypass its payment gateway by sending specially crafted Hypertext Transfer Protocol packets.
Only HTTP traffic is affected, according to a Cisco advisory.
Two further holes in the IOS software release 12.4(24)MD1, documented in bug IDs CSCth17178 and CSCth4189, enable denial-of-service attacks which jam traffic and prevent it passing through the CSG2.
These attacks require a sole content service to be active and can be exploited via crafted Transmission Control Protocol packets, the advisory stated.
Cisco has issued a patch for the holes, but there aren't any workarounds to prevent the issue.