Cisco finds security flaw in router software
Takeaway: Routers running certain telephony features could be vulnerable to denial-of-service attacks. A patch is available.
By Marguerite Reardon
Staff Writer, CNET News.com
Cisco Systems routers running certain telephony features could be vulnerable to denial-of-service attacks, the company warned Friday.
Cisco said routers running the IOS Telephony Service, Cisco CallManager Express and Survivable Remote Site Telephony features could be vulnerable. These features are embedded in the company's Internetwork Operating Software, or IOS, which is used on all of Cisco's IP routers.
The CallManager Express feature enables Cisco IP routers to handle call processing for Cisco IP phones. Survivable Remote Site Telephony gives companies with branch offices an automated backup mechanism to improve the reliability of their IP voice networks. If the wide-area network link to a remote office fails and the connection to the Cisco CallManager is lost, the branches' phones would automatically be redirected to the Cisco branch router running the Survivable Remote Site Telephony feature. This router would take over and provide the same function as the CallManager. When the wide-area link is restored, the phones would automatically reregister with the original Cisco CallManager.
These features all use Skinny Call Control Protocol, the primary signaling protocol for Cisco's CallManager. Cisco said in its warning that certain "malformed packets" sent to the port handling the Skinny Call Control Protocol may cause the device to reload. An attacker exploiting this bug could flood the device with malformed packets, forcing it to reload over and over again and resulting in a denial of service.
Cisco notes that only devices running IOS with these telephony features are vulnerable to this sort of attack. A free software patch is available from the company to fix the problem. More information about the vulnerability is available on Cisco's Web site.
