Mid-sized businesses that rely on Cisco’s networking hardware running on IOS will want to check and see if they are affected by one of 10 vulnerabilities that could expose them to a denial-of-service attack.
Cisco Systems issued 10 fixes for different flaws in its IOS (not the Apple mobile operating system) software today. While the manufacturer says hackers haven’t been exploiting these vulnerabilities as of yet, now that the information is in the public sphere it is definitely a possibility. Cisco has posted detailed instructions online covering fixes or workarounds for the Network Time Protocol (NTP), the Internet Key Exchange protocol, the Dynamic Host Configuration Protocol (DHCP), the Resource Reservation Protocol (RSVP), the virtual fragmentation reassembly (VFR) feature for IP version 6 (IPv6), the Zone-Based Firewall (ZBFW) component, the T1/E1 driver queue and the Network Address Translation (NAT) function for Domain Name System (DNS), and Point-to-Point Tunnelling Protocol (PPTP).
If that all seems like too much of a mouthful for you to absorb, Cisco is offering a software checker tool to find your security fix. You can just upload a file to match up with the fix you need. Or if you know what software version is on your equipment, then you can refer to this table from Cisco Security Intelligence Operations to find your way to the fix.
Typically a denial-of-service attack is conducted by overwhelming name servers with requests until they crash or slow down very significantly. But in this scenario, it’s possible a hacker could crash a device or disconnect it without a mass attack effort.
The patches were issued Wednesday as part of Cisco’s ongoing program to release IOS security advisories on the fourth Wednesday of every March and September. If you’re a regular user of those products, it’s probably a good idea to add that to your calendar.