Cisco has issued a fix for a serious vulnerability problem affecting its routers and switches that could allow malicious users to crash networks.
The defect, which came to light at the beginning of this month, is present in any image that supports management of the router via the web from IOS (Internet Operating System) release 11.1 and all later releases.
The company said the bug can be exploited to produce a denial of service (DoS) attack.
In a detailed description of the problem, Cisco said any affected IOS device that is operating with the http server enabled, and is not protected against unauthorised connections, can be forced to halt for a period of up to two minutes and then reload.
This vulnerability can be exercised repeatedly, possibly creating a DoS attack, until the http server is disabled, the router is protected from the attack, or the software on the router is upgraded to an unaffected release of IOS.
Cisco said it is offering free software upgrades to remedy the bug, which are available via the Software Centre on the company's website at www.cisco.com.
The problem can also be countered by disabling the IOS http server, using an access list on an interface in the path to the router to prevent unauthorised network connections to the http server, or applying an access class option directly to the http server itself.
The bug is only the latest in a long list of security problems that have hit Cisco in the last few months. In April, it had to admit to a defect in the way its routers handled the Telnet remote access protocol, which could also have been exploited to produce a DoS attack.
But doesn't mention Nvidia by name...
PAC slams lackadaisical NHS security as IT security measures are ignored
Visibility, automation and accountability are essential
Developed to enhance real-time biometrics for US Army's night-time operations