Cisco Systems has issued patches for a number of security vulnerabilities affecting its routers and its Call Manager software, some of which could be used to launch a DDoS (distributed denial of service) attack against the products.
The router bug affects all Cisco devices that use the company's IOS (Internetwork Operating System) software and that have enabled a little-known protocol called SGBP (Stack Group Bidding Protocol), which helps manage network access using Cisco devices.
This vulnerability probably does not affect a lot of Cisco users, because the SGBP is not widely used and devices that do not have the protocol enabled are not vulnerable, says Johannes Ullrich, chief research officer for the SANS Institute, a security training organization.
Call Manager Bugs
The other two bugs relate to Cisco's Call Manager software, which manages VoIP (Voice over Internet Protocol) calls. The bugs could be exploited by an attacker either to launch a DoS attack against the Call Manager machine or to gain additional user privileges on such a system.
Call Manager users should apply these patches, but with caution, Ullrich says. "You should apply them because there are a couple of serious vulnerabilities there. But don't rush them," he says. "If your Call Manager breaks, and your company is without phone service for a couple of days, it's not good."
"Cisco Patches Router, Call Manager Software" Comments