New Flaw Exposes Cisco Routers To Hackers, DoS Attacks

A newly found flaw in Cicso's IOS router operating system software could allow hackers to take over IOS-based devices, or launch Denial of Service (DoS) attacks against them.

The flaw involves the authentication system for FTP and telnet connections. It involves the Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions, which allows administrators to create security profiles for those who log on to network services via FTP or telnet. A hacker could exploit a buffer overflow when remotely creating a TCP connection to an IOS device.

A Cisco security advisory about the flaw notes, "Successful exploitation of the vulnerability on Cisco IOS may result in a reload of the device or execution of arbitrary code. Repeated exploitation could result in a sustained DoS attack or execution of arbitrary code on Cisco IOS devices."

Affected versions include IOS 12.2ZH, IOS 12.2ZL, IOS 12.3, IOS 12.3T, IOS 12.4 and IOS 12.4T. IOS versions that are not vulnerable are IOS XR and IOS versions 12.2 and earlier, including 12.0S.

If a device doesn’t have the Firewall Authentication Proxy for FTP and/or Telnet configured, it is not vulnerable to the attack. Cisco said that to work around the flaw, administrators can deploying authentication services for HTTP and HTTPS.Cisco has posted a patch for the flaw.