Cisco releases bundle of router security patches

Patches for Cisco's IOS software, used to power its routers and switches, fix vulnerabilities that could be exploited by attackers to crash an IOS device

Cisco has issued a set of security patches for the Internet Operating System (IOS) software, used to power its routers and switches.

The patches were published Wednesday, the date Cisco had previously set aside as the latest release date for its twice-yearly IOS patches. Cisco also published 12 security advisories describing the bugs, noting that many of these vulnerabilities could be exploited by attackers to crash an IOS device.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

One of the bugs, a flaw in the Simple Network Management Protocol (SNMP) could be exploited by an attacker to seize control of the router. However, only specially configured Cisco uBR10012 series devices, used by telecommunications companies to connect broadband customers to the Internet are affected by the flaw, Cisco said.

Symantec rates this flaw critical and on Wednesday advised users of these devices who have configured their routers for linecard redundancy apply the patches as soon as possible.

Cisco is not aware of any attacks or previous public disclosures that were based on this flaw.

Other bugs that were patched affect Cisco's multicast, SSL processing, and Session Initiation Protocol software. A complete list of Wednesday's security bulletins can be found here.