A vulnerability recently discovered in Cisco Systems' core routing software could allow hackers to crash and restart almost any Cisco router without even logging in to it.
A company official said yesterday the flaw affects all versions of Cisco's Internetwork Operating System (IOS) since Version 9.1, with some exceptions. A notice on Cisco's Web site provides workarounds and identifies versions that contain a fix. Cisco will upgrade any site not under a service agreement to Version 11.0, free of charge.
Any hacker who can establish an interactive link to one of the affected routers can cause it to restart, said Peter Long, director of Cisco IOS marketing.
"If a hacker can get access to the command prompt, there are things they can put in that will cause the router to restart," Long said.
"They can't get access to any resources or get into your site," Long added. "It's really a denial-of-service attack."
The attack would cause a short disruption of service, probably less than 30 seconds, Long added.
Long said no attacks are known to have been caused by the flaw. Cisco discovered it while examining another problem, he added. IOS, Version 9.1, became available before 1994.
A field notice posted August 12 on Cisco's Web site gives workarounds for the problem and a method to determine whether a given device is affected.
According to the notice, 7xx series routers are not affected. Neither are PIX firewalls, LightStream 1010 or 2020 ATM switches, IGX or BPX WAN switches, the Axis shelf, Local Director, Cache Engine host-based software, or Catalyst LAN switches (except the Catalyst 2900XL).
The field notice is at http://www.cisco.com/warp/public/770/ioslogin-pub.shtml/.
Cisco Systems Inc., in San Jose, California, can be reached at http://www.cisco.com/.