The flaw potentially represents a major problem for network administrators, as Cisco's routers and switches are the most widely used in the world and are deployed all across the Internet.
Cisco officials said the company has fixes for all of the affected versions and has made them available to all of its customers.
The vulnerability only applies to TCP sessions that are initiated or terminated on an affected Cisco device, not traffic that is forwarded by a vulnerable machine, according to an advisory released by the company.
The flaw has to do with the way that the IOS program chooses Initial Sequence Numbers at the beginning of each TCP session. The numbers, which are exchanged by the sending and receiving hosts, are supposed to be chosen randomly. Each successive packet then contains a sequence number that is based on the ISN plus the number of bytes transferred to the receiving host.
However, if the ISN is not chosen at random or if it is increased by a non-random increment in subsequent TCP sessions, then an attacker could infer a particular number in the sequence and forge one half of the TCP connection or hijack an existing connection between two hosts.
The attacker would then have the ability to inject forged packets into a network or, if the attacker was inside the network, divert and modify the contents of a message and then return it to the traffic flow.
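The two behaviours described above can be made concrete with a short simulation. The following Python is an added illustration, not code from the article or from Cisco: it models a generator whose ISN grows by a fixed increment each session against one that draws each ISN from a cryptographic random source, then runs a simple predictability check over a list of observed ISNs, the kind of check a network team would apply to its own devices. The step size, seed and session count are assumed values chosen only to make the pattern visible.

```python
# Added illustration (not from the article or from Cisco): models the two
# ISN-selection behaviours the article contrasts and runs a simple
# predictability check over a list of observed ISNs.
import secrets
import statistics

SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


class IncrementalISN:
    """Weak generator: each new session's ISN is the previous one plus a fixed
    step. The step value is an assumption chosen to make the pattern obvious."""

    def __init__(self, seed: int, step: int = 64_000) -> None:
        self.cur = seed % SEQ_SPACE
        self.step = step

    def next_isn(self) -> int:
        self.cur = (self.cur + self.step) % SEQ_SPACE
        return self.cur


class RandomISN:
    """Generator that draws every ISN from a CSPRNG, the behaviour the article
    says TCP intended."""

    def next_isn(self) -> int:
        return secrets.randbelow(SEQ_SPACE)


def observe(generator, count: int) -> list[int]:
    """Collect the ISNs handed out for `count` consecutive sessions."""
    return [generator.next_isn() for _ in range(count)]


def deltas(isns: list[int]) -> list[int]:
    """Differences between consecutive ISNs, reduced modulo the 32-bit space
    so a wrap-around does not look like a huge negative jump."""
    return [(b - a) % SEQ_SPACE for a, b in zip(isns, isns[1:])]


def predict_next(isns: list[int]) -> int:
    """Naive prediction: assume the most recent increment simply repeats."""
    return (isns[-1] + deltas(isns)[-1]) % SEQ_SPACE


def predictability_report(isns: list[int]) -> dict:
    """Hold out the last observed ISN, try to predict it from the earlier
    ones, and summarise how much the increments vary. A single distinct
    increment with zero spread and a correct prediction is the weak case
    the article describes; a CSPRNG source shows neither property."""
    history, actual = isns[:-1], isns[-1]
    d = deltas(history)
    return {
        "distinct_increments": len(set(d)),
        "increment_stdev": statistics.pstdev(d),
        "predicted_correctly": predict_next(history) == actual,
    }


if __name__ == "__main__":
    weak = observe(IncrementalISN(seed=12345), 10)
    strong = observe(RandomISN(), 10)
    print("fixed-increment generator:", predictability_report(weak))
    print("random generator:         ", predictability_report(strong))
```

Run against the fixed-increment generator the report shows one distinct increment, a standard deviation of zero and a correct prediction of the held-out ISN; against the random generator the increments are all different and the prediction fails. Feeding the same report a list of ISNs recorded from a device under test is the defensive use of this check.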
No attacks reported
Cisco discovered the problem several weeks ago and has not had any reports of customers being attacked using this vulnerability, officials said.
"It's an old problem that comes back in various forms over the years," said Jim Duncan, product security incident manager at Cisco. "No one realised (at the time TCP was created) how important it would be for those numbers to be truly random."
Duncan said the problem was a natural result of the machines on the Internet getting faster, which means the hosts establish more and more TCP sessions, which in turn use up the available pool of random numbers more quickly.