Cisco releases 12 sets of security patches

The networking giant has published advisories and patches for flaws in the software underlying all of its switches and most of its routers

Networking giant Cisco has published a raft of security advisories as part of its biannual patch-release schedule.

Eleven of the advisories published on Wednesday cover vulnerabilities in Cisco Internetwork Operating System (IOS), the software used on all Cisco switches and most Cisco routers.

The Cisco IOS vulnerabilities addressed include protocol flaws which cause system crashes and hangs, or leave systems open to denial-of-service attacks.

The remaining advisory addresses flaws in Cisco Unified Communications Manager that could leave systems open to denial-of-service attacks.

Details of the advisories and links to patches can be found on Cisco's security-advisories web page.

Security company Secunia rated the threats 'moderately critical', as sensitive information could be exposed via some vulnerabilities that could allow remote access to a system.

Security company Symantec placed its 'ThreatCon' at level 2, or 'elevated', as a result of one the vulnerabilities affecting Cisco uBR10012 series devices. When configured for linecard redundancy, Cisco uBR10012 series devices use an SNMP community string of 'private' and allow read/write access, warned Symantec, adding that remote attackers could exploit this vulnerability to gain complete control of affected routers.

In March, Cisco patched a number of vulnerabilities in products at risk from denial-of-service attacks.