Insurance & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Trading Technology

06:46 PM
Connect Directly
RSS
E-Mail
50%
50%

Cisco Warns Of Multiple IOS Vulnerabilities

Cisco Systems announced on Tuesday that there are several vulnerabilities in the Intrusion Prevention System feature set of its Cisco IOS.

Cisco Systems announced on Tuesday that there are several vulnerabilities in the Intrusion Prevention System (IPS) feature set of its Internetwork Operating System (IOS).

Fragmented IP packets may be used to evade signature inspection, according to a warning on Cisco's Web site. It also warned that the IPS signatures using the regular expression feature of the Atomic.TCP signature engine may cause a router to crash, resulting in a denial of service.

Cisco's IOS is software used in many of its routers and network switches.

Four versions of Cisco IOS are vulnerable to the fragmented packet evasion vulnerability: Version 12.4, 12.4T, 12.4XE, and at least one release of 12.3T. Many of the IOS version releases are vulnerable to the Atomic.TCP regular expression denial of service flaw.

An alert on the SANS Institute's Internet Storm Center recommends an upgrade of the IOS version.

Register for Insurance & Technology Newsletters
Slideshows
Video