Gaping hole in Cisco routers and switches found

— 12:44 PM on July 18, 2003

There's a huge hole in Cisco routers and switches running Cisco IOS software that's already being exploited. Just how severe is the vulnerability?

"We're very concerned. When you consider how big Cisco is and how important they are to the Internet, there are millions of devices out there," Ingevaldson said. "It's only been a day since the bulletin went out and already there's a robust exploit out there."

The vulnerability affects every Cisco router and switch running versions 11 or 12.x up through 12.3 of the Internetworking Operating System (IOS). When an attacker sends a specific series of Ipv4 packets to an affected device, the device handles the packets incorrectly and refuses to perform any further routing operations. The attack doesn't trigger any alerts and the device must be manually rebooted in order to resume normal operations.

Cisco has issued a fix, but considering how many routers and switches are affected, security professionals could be in for a long weekend of patching.
Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.