Cisco releases 'critical' updates

Networking giant Cisco has published a raft of security advisories as part of its biannual patch-release schedule.

Networking giant Cisco has published a raft of security advisories as part of its biannual patch-release schedule.

(Credit: Suzanne Tindal/ZDNet.com.au)

Eleven of the advisories published this week cover vulnerabilities in Cisco's Internetwork Operating System (IOS), the software used on all Cisco switches and most Cisco routers.

The Cisco IOS vulnerabilities addressed include protocol flaws which cause system crashes and hangs, or leave systems open to denial-of-service attacks.

The remaining advisory addresses flaws in Cisco Unified Communications Manager that could leave systems open to denial-of-service attacks.

Details of the advisories and links to patches can be found on Cisco's security advisories web page.

Security company Secunia rated the threats 'moderately critical', as sensitive information could be exposed via some vulnerabilities that could allow remote access to a system.

Security company Symantec placed its 'ThreatCon' at level 2, or 'elevated', as a result of one the vulnerabilities affecting Cisco uBR10012 series devices.

When configured for linecard redundancy, Cisco uBR10012 series devices use an SNMP community string of 'private' and allow read/write access, warned Symantec, adding that remote attackers could exploit this vulnerability to gain complete control of affected routers.

In March, Cisco patched a number of vulnerabilities in products at risk from denial-of-service attacks.