Cisco warns of serious IOS flaw

IOS flaw could be exploited to crash machines or remotely run malicious code

Cisco has announced details of a serious software flaw that puts computer networks at risk of cyber-attack, and has prompted a number of security vendors to raise their internet threat levels.

The firm said that a vulnerability in its Internetwork Operating System (IOS) could be exploited to crash or remotely run malicious code on devices that run the OS. IOS runs on Cisco's routers and switches, many of which are in use in the internet's infrastructure. 

• Full details of the vulnerability are available from Cisco here.

Cisco claimed that there are no known exploits or attacks which take advantage of this latest IOS vulnerability. It has software fixes available to correct the problem and rates the issue as a 'medium' urgency.

The networking vendor said in its advisory: "Successful exploitation of the vulnerability in Cisco IOS may result in a reload of the device or execution of arbitrary code. Repeated exploitation could result in a sustained [denial of service] attack or execution of arbitrary code."

Security firm Symantec has raised its ThreatCon global threat index to Level 2, suggesting an imminent attack as a result of the flaw.

The company raises its threat level infrequently, usually after monitoring increased hacker chat and scanning at one or more of its worldwide monitoring sensors.

"Given the recent attention to exploitation of vulnerabilities in Cisco's IOS it is possible that this issue will see attempts at exploit development in the near term," Symantec said.

The vulnerability does not affect all versions of IOS, and only exists if the firewall authentication proxy for FTP and Telnet sessions are in use. This component of IOS handles authentication requests for file transfer and Telnet sessions.

Affected devices are those running IOS versions 12.2ZH and 12.2ZL, 12.3, 12.3T, 12.4 and 12.4T. Users can log-on to their Cisco device and enter the 'show version' command to determine which version of IOS it is running.

Graham Cluley, senior technology consultant at Sophos, said: "The vulnerability in Cisco IOS is serious, and could be exploited by malicious hackers to cause a denial of service attack or potentially compromise a vulnerable system.

"Any companies which believe they may be at risk should visit Cisco's website for advice, and apply any updates as necessary."