Cisco routers vulnerable to scanning software

Companies using Cisco's routers would be well advised to download and install a patch that fixes an otherwise fatal problem.

The company released an advisory Thursday, reminding users to update Cisco's Internet Operating System (IOS) as certain versions may be exploited by security scanning software to produce a consistent denial of service (DoS) attack.

William Oei, a spokesperson for Cisco Systems in Singapore, noted that the issue regarding the Cisco IOS was found before any customers reported it.

"This has not affected anyone to the best of our knowledge," he said.

The cause of the vulnerability is a defect in the IOS that is exposed when the scanning software probes certain ports (3100-3999, 5100-5999, 7100-7999, and 10100-10999 according to the advisory), causing the device to reload unexpectedly.
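One way to spot the probing described above in connection logs, as an added example that is not from Cisco or the original article: it flags any source that touches several distinct ports in the advisory's ranges on a router address. The log format, the addresses, and the `min_ports` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Port ranges named in the advisory, as quoted in the article.
ADVISORY_RANGES = [(3100, 3999), (5100, 5999), (7100, 7999), (10100, 10999)]

# Assumed (constructed) log format: "<time> <src> -> <dst>:<dport> <proto>"
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\w+)$")

# Constructed sample lines; all addresses come from documentation ranges.
SAMPLE_LOG = """\
2024-01-01T10:00:01 198.51.100.7 -> 192.0.2.1:3100 tcp
2024-01-01T10:00:01 198.51.100.7 -> 192.0.2.1:5100 tcp
2024-01-01T10:00:02 198.51.100.7 -> 192.0.2.1:7100 tcp
2024-01-01T10:00:02 198.51.100.7 -> 192.0.2.1:10100 tcp
2024-01-01T10:00:03 198.51.100.7 -> 192.0.2.1:4000 tcp
2024-01-01T10:00:05 203.0.113.9 -> 192.0.2.1:3389 tcp
2024-01-01T10:00:06 203.0.113.9 -> 192.0.2.1:22 tcp
2024-01-01T10:00:07 198.51.100.7 -> 192.0.2.50:5900 tcp
garbage line
"""

def in_advisory_range(port):
    """True if the port falls in any range listed in the advisory."""
    return any(lo <= port <= hi for lo, hi in ADVISORY_RANGES)

def find_probes(log_text, routers, min_ports=3):
    """Return {(src, router): sorted ports} for each source that hit at
    least min_ports distinct advisory-range ports on a listed router."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        _, src, dst, dport, _ = m.groups()
        port = int(dport)
        if dst in routers and in_advisory_range(port):
            seen[(src, dst)].add(port)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_ports}

if __name__ == "__main__":
    # 192.0.2.1 stands in for a router's address (constructed).
    for (src, dst), ports in find_probes(SAMPLE_LOG, {"192.0.2.1"}).items():
        print(f"{src} probed {dst} on advisory-range ports {ports}")
```

A single hit in these ranges, such as the 3389 connection in the sample, stays below the threshold, so ordinary traffic to one port is not reported as a sweep.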

The advisory reads: "The described defect can be used to mount a denial of service (DoS) attack on any vulnerable Cisco product, which may result in violations of the availability aspects of a customer's security policy. This defect by itself does not cause the disclosure of confidential information nor allow unauthorized access."

Cisco devices that run Cisco IOS software include:

•  Cisco routers in the AGS/MGS/CGS/AGS+, IGS, RSM, 8xx, ubr9xx, 1xxx, 25xx, 26xx, 30xx, 36xx, 38xx, 40xx, 45xx, 47xx, AS52xx, AS53xx, AS58xx, 64xx, 70xx, 72xx (including the ubr72xx), 75xx, and 12xxx series.
•  Most recent versions of the LS1010 ATM switch.
•  Some versions of the Catalyst 2900XL LAN switch.
•  The Cisco DistributedDirector.

Customers using the affected IOS are "urged to upgrade as soon as possible to later versions not vulnerable to this defect."

"We believe in being proactive and responsible with our customers and since the Internet is also a very self-service culture, we put the solution online," said Oei. "Our customers can upgrade their IOS free of charge to resolve this issue."

According to the advisory on the Cisco Web site, direct customers can download upgrades from the site, while customers who buy through channel partners should contact their resellers for assistance with the upgrade.