/>
X

Flaws found in Cisco, Juniper and IBM kit

A government agency that protects the Critical National Infrastructure has published details of a flaw in network vendors' equipment
zd-defaultauthor-dan-ilett.jpg
Written by Dan Ilett on

Cisco, Juniper and IBM are suffering embarrassment today as a Home Office agency announced details of a software vulnerability that affects the vendors' products.

The National Infrastructure Co-Ordination Centre (NISCC) has published details of a denial-of-service vulnerability that can affect routers' ability to handle TCP traffic. Hackers commonly use denial-of-service attacks to flood target computers with data so they fail to work.

The NISCC Web site stated: "The impact of the ICMP TCP reset vulnerability varies by vendor and application, but in some deployment scenarios it is likely to be rated medium to high. If exploited, [this] could allow an attacker to create a denial-of-service condition against existing TCP connections, resulting in premature session termination."

Cisco is advising customers to update their products. It admitted that the problem affects PIX firewalls and all products running IOS — the operating system the majority of Cisco routers use.

"There is a free software fix available," said a Cisco spokesman. "It's an industry issue. We worked with NISCC to co-ordinate [the fix]." He added that the company had known about this for some time.

IBM admitted that its AIX operating system was also vulnerable, but the company appeared not have released detailed information yet. IBM was unable to respond in time for the publication of this article.

On NISCC's Web site, a Juniper spokesman wrote: "Juniper Networks M-series and T-series routers running certain releases of JUNOS software are susceptible to this vulnerability." Juniper also failed to respond to requests for comment.

Although the three vendors are unlikely to be the only companies affected by the vulnerability, their products form a large part of the Internet infrastructure.

NISCC has published details of how to characterise and fix the problem on its Web site.

Related

On July 12, we'll see the universe like never before
51656393132-ca88bc21e3-k

On July 12, we'll see the universe like never before

Space
Delta Air Lines just made an embarrassing announcement (you may be livid)
screen-shot-2022-06-22-at-3-50-54-pm.png

Delta Air Lines just made an embarrassing announcement (you may be livid)

Business
Cybersecurity leaders are anticipating mass resignations within the year - here's why
cybersecurity

Cybersecurity leaders are anticipating mass resignations within the year - here's why

Security