Cisco flaws may cripple networks

Submit

Three security holes in the software that runs Cisco Systems' routers and switches could let miscreants disrupt computer networks, including the Internet.

The vulnerabilities lie in Cisco's Internetwork Operating System and could be exploited to crash or remotely run malicious code on devices that run the software, the San Jose, Calif., networking giant warned Wednesday in security advisories. IOS runs on Cisco's routers and switches, which make up a large portion of the Internet's infrastructure.

Cisco's warning prompted the US Computer Emergency Readiness Team, or US-CERT, to issue an alert. "A remote attacker may be able to execute arbitrary code on an affected device, cause an affected device to reload the operating system, or cause other types of denial of service," US-CERT said on its Web site.

Being able to execute arbitrary code means that an attacker could change the configuration of a router or switch, redirecting traffic or potentially sniffing the data that travels through a Cisco device. In a denial-of-service attack a vulnerable router or switch would be taken offline, disrupting any traffic it is tasked to channel.

"Because devices running IOS may transmit traffic for a number of other networks, the secondary impacts of a denial of service may be severe," US-CERT said.

The impact of each of the three vulnerabilities is different. The most serious of the problems, which relates to how IOS handles specific data packets, affects a broad range of Cisco devices. This includes routers and switches used by telecommunications companies that use Cisco's gear to shuttle data traffic across networks.

"These are serious issues and patches need to be applied as soon as possible," said Gunter Ollmann, director of security strategy for IBM Internet Security Systems. "From our monitoring of underground channels there are a lot of people interested in these and actively working on exploits."

Cisco has software updates available to address the vulnerabilities, the company said in each of its alerts. "Cisco is also not aware of any current exploitation of these vulnerabilities," the company added.

Will Sturgeon of Silicon.com in London contributed to this story.

Talkback

Quick Poll

What is the biggest data management challenge in your organisation?

Inconsistent data and overlapping sources
Rising management and maintenance costs
Scaling the database to meet business needs
Handling analysis of streaming data
Complexity in data security auditing and reporting databases
Inability to keep up with growth in requirements

ZDNet Australia Live

I'm ok with less for later. ESP if nrl/arl. “@zdnetaustralia: More TV Now may mean less TV later: http://t.co/Mnp2MeT7”

1 minute ago by lenman74 on twitter, retweet

#Symantec confirms hacker extortion attempt where company offered $50k to prevent leak of its source code http://t.co/BbtI1CF7 || #Anonymous

6 minutes ago by DiabloAnon on twitter, retweet

RT @IDEALAW: Breastfeeding women protest outside Facebook offices worldwide: http://t.co/HqriEplR Sydney Boob Out at noon today.

6 minutes ago by C_G_ONeill on twitter, retweet

More TV Now may mean less TV later: http://t.co/mEp8aWBh

6 minutes ago by zdnetaustralia on twitter, retweet

PCAnywhere affected by hack: Symantec http://t.co/cLTiSk8p

21 minutes ago by jayz2pac on twitter, retweet

Phishing scam causes Telstra email woe http://t.co/PlCX0X0N via @zdnetaustralia

21 minutes ago by Ken_Judd on twitter, retweet

I'm not sure that "nuclear option" of withdrawing from FTA is valid for the NRL or AFL. Surely the sponsors on the ground signage and pla...

21 minutes ago by mpm123 on More TV Now may mean less TV later

Australian finance site hit by DDoS: Australian finance news website Money Management yesterday fell victim to a... http://t.co/1Byavr3z

26 minutes ago by NewsinIT on twitter, retweet

Australian finance site hit by DDoS: Australian finance news website Money Management yesterday fell victim to a... http://t.co/QboRUs2O

26 minutes ago by oztechguy on twitter, retweet

Australian finance site hit by DDoS http://t.co/fog7wF4q

31 minutes ago by ForshawFlip on twitter, retweet

Symantec confirms hacker extortion http://t.co/jEM9CKgC

31 minutes ago by ForshawFlip on twitter, retweet

Hipstamatic busted for plain text log-ins http://t.co/vM96j8q5

31 minutes ago by ForshawFlip on twitter, retweet

More TV Now may mean less TV later http://t.co/6XN50UdP

31 minutes ago by ForshawFlip on twitter, retweet

"NPD: Android attracting more than half of new smartphone shoppers" - ZDNet http://t.co/bakOmae8 #android

31 minutes ago by TechNewsAust on twitter, retweet

by http://t.co/vmlQ0Ecb: More TV Now may mean less TV later: Optus' landmark court win last week was hailed far a... http://t.co/KPHqI1bE

36 minutes ago by InternetTechSec on twitter, retweet

More TV Now may mean less TV later: Optus' landmark court win last week was hailed far and wide as a victory for... http://t.co/c9brAZHo

36 minutes ago by Compare_Cloud on twitter, retweet

Facebook may release its core C++ library this year http://t.co/jGhSS7Ty

36 minutes ago by MobiMediaMarket on twitter, retweet

RT @JLLLOW: RT @zdnetaustralia: Govt caught in internet-security time warp: http://t.co/nIj6MGJE

36 minutes ago by davidcampbell84 on twitter, retweet

More TV Now may mean less TV later: Optus' landmark court win last week was hailed far and wide as a victory for... http://t.co/BCsxb7l6

36 minutes ago by oztechguy on twitter, retweet

Hipstamatic busted for plain text log-ins http://t.co/KHxvZ4rL

41 minutes ago by zdnetaustralia on twitter, retweet

Pilot sues Virgin for being an iPad Luddite http://t.co/SsF2QFO6

41 minutes ago by Ms_Bix on twitter, retweet

HILARIOUS!!I And shocking Symantec haven't been suited to hell! RT @zdnetaustralia: Symantec confirms hacker extortion: http://t.co/xR4HmTZo

46 minutes ago by AndrewPalozzo on twitter, retweet

Hipstamatic busted for plain text log-ins - It has been revealed that popular iPhone photography app Hipstamatic is ... http://t.co/RADwB5XE

46 minutes ago by pcrepairs_au on twitter, retweet

Phishing scam causes Telstra email woe - compromised email accounts blacklisted http://t.co/qbO2bU85 (via @zdnetaustralia)

51 minutes ago by avgaunz on twitter, retweet

iPhone camera app Hipstamatic stores login details in plain text http://t.co/u3wnFq1P

51 minutes ago by theheartoffood on twitter, retweet

Hipstamatic busted for plain text log-ins http://t.co/MFSmwS7L

55 minutes ago by iPhone_Cable on twitter, retweet

Pilot sues Virgin for being iPad Luddite http://t.co/xSKIFeOh

55 minutes ago by iPad_Cable on twitter, retweet

How to spot a fake Facebook profile (infographic) http://t.co/8HZFuefI

1 hour ago by Circul8 on twitter, retweet

Symantec confirms hacker extortion: http://t.co/Ohetnr31

1 hour ago by zdnetaustralia on twitter, retweet

RT @zdnetaustralia: Symantec confirms hacker extortion: http://t.co/Ohetnr31

1 hour ago by joshgnosis on twitter, retweet

by http://t.co/vmlQ0Ecb: Symantec confirms hacker extortion: Symantec has today confirmed that email corresponden... http://t.co/3K2sq0hI

1 hour ago by InternetTechSec on twitter, retweet

#Google: Madonna tops Tom Brady, Patriots and Giants in searches http://t.co/ZPPBqhOj

1 hour ago by socialbuzzAUS on twitter, retweet

Not just GenY RT @kevster009: 10 things Gen Y do online.. and shouldn't. http://t.co/D92mClSK…. A great reminder for everyone.

1 hour ago by BrentCahill on twitter, retweet

Symantec confirms hacker extortion - ZDNet Australia http://t.co/CKaHh8XM

1 hour ago by hacker on twitter, retweet

Symantec confirms hacker extortion: Symantec has today confirmed that email correspondence between the company a... http://t.co/8llws6Tl

1 hour ago by oztechguy on twitter, retweet

Macquarie expands shared tech team http://t.co/MqyJU1gM

1 hour ago by zdnetaustralia on twitter, retweet

The mining industry run around telling us about wht great employment gererators they are when they are trying to avoid taxation, as soon ...

1 hour ago by Kevin Cobley on Robotic mining worth its high cost: Rio

VeriSign Authentication Services provides solutions that allow companies & consumers to engage in communications & commerce online with c...

1 hour ago by santla on Hackers stole data from VeriSign in 2010

I've delt with developers daily for 2 decades and I am astounded at the arrogance that new grads possess, combined in no fundamentals and...

1 hour ago by Dr_Truth on IT lumped with 'arrogant, ignorant' grads

Every mobile phone we should have a good mobile security downloaded so that we can be aware of this malwares!!!

1 hour ago by santla on Google scans Android apps for malware

Oh nice to know about this article!!!

1 hour ago by santla on Ex-Firefox exec plans Facebook for Android

Its good if they get it!!

1 hour ago by santla on Will Android get a root store?

Android is good!!! i too have android mobile ..

2 hours ago by santla on Android features better than iPhone: Woz

Thanks for the artilcle i too have android mobile phone!! and its so good and i have comodo mobile security in my phone

2 hours ago by santla on Android to be developer platform of choice

Great to know about it. along with this we can have some good mobile security so that we can remain safe with our mobiles tooo such a com...

2 hours ago by santla on iPhone 4S wins Android, BlackBerry users

Android mobile very cheap and good now a days more than ipad !!!

2 hours ago by santla on Android closes in on iPad market share

Android mobileare getting lot of malware now a days its better to have some good mobile securities like Comodo Mobile Security !!!

2 hours ago by santla on Google scans Android apps for malware

This has been a serious problem now a days!!!

2 hours ago by santla on Microsoft settles with alleged botnet host

"I agree that their products have gotten a lot better. How insecure they still are says a lot about how hard this problem really is

2 hours ago by santla on Has Microsoft fixed its security issues?

Yeah i accept with myron!!

2 hours ago by santla on Microsoft halts another botnet: Kelihos

the Kelihos botnet has not crawled out of the grave, ... new botnet is being assembled using a variant of the original malware.

2 hours ago by santla on Antivirus employee named in botnet case

Thanks to know about it the artile was good

2 hours ago by santla on 2011: security's most spectacular stuff-ups

Kelihos, according to the researchers, has been found in new variants and they quite resemble the earlier build.

2 hours ago by santla on Kelihos variants slipped Microsoft's noose

Facebook is facing lot of attacks now a days !!!

2 hours ago by santla on The floatcast

Android phones malwares are increasing now a days a lot. inorder to get rid from this we have to be aware to have a good mobile security...

2 hours ago by santla on Android malware finds way to polymorph

This story has been voted 5 times in the last 24 hours!

3 days ago, Abbott paving a telecoms road to nowhere

Keep up with ZDNet Australia

Inside ZDNet Australia

ZDNet / Us-cert / Story

Cisco flaws may cripple networks

Topics

Top related stories

Related gallery

Related stories

Talkback

Resource Centre Useful content from our premier sponsors

Quick Poll

ZDNet Australia Live

Facebook Activity

Keep up with ZDNet Australia

ZDNet Events Calendar

Plan Comparison

Sponsored resources

Inside ZDNet Australia

Services