Cisco: Patch now, attack on the way

Cisco has advised its customers to patch their routers because a tool that can exploit nine vulnerabilities in unpatched Cisco products is being distributed among the hacker underground.

Vincent Biere, business development manager for security at Cisco EMEA, told ZDNet UK that there are no new vulnerabilities and the oldest one is from 2000, but network administrators should make sure their products are up to date: "Somebody recently wrote a tool to exploit these vulnerabilities and when you have a tool, it is more likely that somebody will exploit the vulnerability," he said.

The full list of vulnerabilities, which includes buffer overflow and DDoS issues, is listed on Cisco's Web site.

Biere was keen to point out that if customers have the latest software on their Cisco products, they are not at risk: "If people have patched their systems and have the latest software version there should not be an issue. We have not been notified of any customers being affected by the tool," he said.

Cisco's security alert comes just weeks after the company was slammed by analysts for not doing enough to stop the number of viruses and spam emails flying around on the Internet. At the time, the company had just announced new products with features to help networks identify threats, react appropriately based on risk level, isolate infected endpoints and reconfigure network resources in response to an attack.

At the product launch, Richard Stiennon, a security analyst at Gartner, said: "Ninety percent of this announcement is public relations. The other 10 percent is legitimately filling in the features and enhancing management capability. Some of this is good stuff, but there is no mention of a device that can recognise worms and drop them from the network," he said.

CNET News.com's Marguerite Reardon contributed to this report.