Cisco hit by trio of vulnerabilities

Cisco has warned users of three vulnerabilities that could compromise the security of its networking products.

The first affects some of its routers and switches and could allow malicious users to launch a denial of service attack.

The flaw in Cisco's Internetwork Operating System (IOS) software version 12.0 only affects certain devices, but could be exploited by a remote user to cause the device to reload repeatedly. Cisco has produced a code fix, and the advisory is available here.

The networking firm also flagged up a vulnerability in the TCP specification RFC793, which could allow a malicious user to quickly reset any established TCP connections.

All Cisco products that contain a TCP stack are susceptible. Vulnerable products include the Catalyst line, Microhub 1500 and Secure PIX Firewall. This advisory is available here.

The TCP vulnerability also affects all products that run IOS 12.0 software, such as IOS Firewall. Only TCP sessions that terminate on the devices are affected, as the vulnerability affects the endpoints of a session, according to Cisco. This advisory is available here.

Cisco advised customers to upgraded their software through the regular route, which is normally through Cisco's website at www.cisco.com/security