
Cisco suffering from security holes

by Nikola Strahija on January 20th, 2006

Three serious vulnerabilities have been patched in Cisco IP PBXs and routers.


The first flaw affects Cisco CallManager servers and could leave them open to denial-of-service attacks, potentially shutting down the phone service inside a company. The servers do not time out TCP connections on certain ports fast enough, which could cause overuse of CPU and memory resources on the server and lead to a crash or reboot, with IP phones not responding with dial tone, the company says.

The second hole is in the Multi Level Administrator service on CallManager servers. Administrators without read-write administrator-level access to the CallManager could escalate their privileges by sending a "crafted URL" to the CallManager administrator Web page on the server. Affected versions for both of these flaws are 3.2, 3.3, 4.0 and 4.1.

The third problem is in Cisco's IOS router software and could result in a remotely executed DoS attack on Cisco equipment. The flaw is in the Cisco IOS Stack Group Bidding Protocol (SGBP), which is used on routers that aggregate multiple Point-to-Point Protocol (PPP) connections: a specially crafted UDP packet sent to port 9900 on an affected router causes the device to freeze.

