Cisco warns of more router vulnerabilities

Intrusion-prevention capabilities in IOS can be circumvented by hackers, putting companies at risk of attack
Written by Richard Thurston, Contributor

The intrusion-prevention capabilities of Cisco's routers are prone to attack, after the networking giant revealed two vulnerabilities in its key operating system.

The vulnerabilities affect those versions of Cisco's Internetwork Operating System (IOS) that start with "12.3" and "12.4". Almost all Cisco routers run a version of IOS. The flaws allow a hacker to circumvent the IPS protection built into the affected routers and also cause routers to crash.

IPS is an inspection feature found in many networking products, including those from Cisco, which aims to block unauthorised network access and malicious code in real time.

In a security advisory, Cisco said there were two vulnerabilities: a fragmented packet evasion weakness, which could lead to the IPS being circumvented, and an ATOMIC.TCP regular expression denial-of-service vulnerability. Exploitation of the first weakness "may result in an attacker being able to evade detection by an IOS IPS device. This could allow protected systems to be covertly attacked," Cisco warned. A hacker exploiting the second vulnerability "may cause an IOS IPS device to crash".

Cisco urged IT managers who run affected routers to patch the IOS.

Last month, Cisco found two other vulnerabilities in IOS. The first weakness could lead to a denial-of-service attack, while the second one allows hackers to execute malicious code on the device in question. Following news of the vulnerabilities, Cisco made patches available.

Cisco's routers are the most popular enterprise routers in the world. As such, IOS is the network operating system that the majority of hackers tries to exploit.

Editorial standards