Cisco Reveals More Security Risks In Multiple Products
The bulletin, posted on Cisco's Web site, details how the Internet Control Message Protocol (ICMP), used to report errors and provide diagnostic data, could be exploited to launch DoS attacks against the Transmission Control Protocol (TCP). A successful attack could reset connections or reduce the throughput of existing connections, according to the advisory.
Cisco, San Jose, Calif., has issued a free software fix and said workarounds are also available.
The vulnerability impacts all versions of the company's IOS (Internetwork Operating System) and particularly affects products that run Cisco IOS and have PMTUD (Path Maximum Transmission Unit Discovery) enabled.
IOS-based and some non-IOS-based products are susceptible, including multiple models of the company's routers and switches, as well as its Aironet WLAN access points and bridges, CRS-1 service provider router, PIX Security Appliance, Catalyst 6608 voice gateway, multiple IP phones and several other products.
Last Wednesday, Cisco warned via an advisory that certain versions of IOS may contain vulnerabilities that permit an unauthorized user to complete authentication and access network resources. Another advisory issued the same day said two vulnerabilities in certain versions of IOS could cause devices to exhaust resources and reload, resulting in a DoS condition.
Cisco issued free fixes to address the risks laid out in both advisories.