Cisco flaw creates an opening for insider attacks

Cisco released a security advisory on Wednesday warning that some Cisco networks could be vulnerable to denial-of-service attacks.

The problem occurs if a malformed packet is sent to a router that has been configured for the Open Shortest Path First (OSPF) protocol. This problem is limited to versions 12.0S, 12.2, and 12.3 of Cisco's IOS routing software.

Jon Oltsik, a network security analyst at the Enterprise Strategy Group, said the vulnerable versions and configuration are in common use and the effects of a successful attack could be devastating to an enterprise.

"If a hacker puts a certain request to the main router, then it could shut down the whole network," he said. But Oltsik believes that in practice the vulnerability requires both inside knowledge and Cisco expertise, which should limit the number of attacks. The most likely threat will come from former staff with a grievance.

"It's not like a Microsoft vulnerability that anyone with Internet access can exploit. You need specific knowledge to exploit this. An attack is most likely to come from a rogue employee who knows the configuration of the company's Cisco routers," said Oltsik.

Cisco has provided a patch for the security flaw and has also provided several workarounds for the problem. The full Cisco advisory has been posted here.