Saturday, September 27, 2008

Cisco Bi-Annual Patch Day

Cisco has published 12 advisories about security holes and vulnerabilities in its IOS router operating system and in Cisco Unified Communications Manager. Specially crafted L2TP, SCCP, MPLS and SIP packets can cause vulnerable devices to reboot and protocol-independent multicast packets (PIM) can cause systems to freeze. There is also an operational flaw in several MPLS based VPNs which can result in spurious packets being passed between VPNs, exposing information in the process.

As usual, SANS did a great job on summarizing the numerous vulnerabilities here with rating: 6 critical, 4 patch now, and 2 important. All the vulnerabilities can be exploited using readily available network utilities.

See also: