Cisco Patches IOS Flaw

KingFishKingFish
edited January 2005 in Science & Tech
Switching and routing firm Cisco Systems Inc. has issued a fix for a denial-of-service vulnerability affecting versions of its flagship IOS (Internetwork Operating System) software.
A security advisory from the San Jose, Calif.-based company said the flaw affects all Cisco devices that are configured for Cisco ITS (IOS Telephony Service), Cisco CME (CallManager Express) or SRST (Survivable Remote Site Telephony) services.

ITS, CME and SRST are features that allow a Cisco device running IOS to control IP phones using the Skinny Call Control Protocol. The company warned that a malicious hacker could send certain malformed packets to the SCCP port on an IOS device configured for ITS, CME or SRST, which may cause the target device to reload.

The attack scenario could be done repeatedly to create a denial-of-service attack against telephony devices, company officials said.
Source: eWeek

Comments

  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited January 2005
    Oh, wait, you want the actual patch to fix the problem? That'll cost you a thousand dollars.....

    Wait... Make that a MILLIONTY BILLION dollars.... :shakehead
Sign In or Register to comment.