Users Scramble To Patch Serious Flaw In Networking Software - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:37 PM

Users Scramble To Patch Serious Flaw In Networking Software

The vulnerability in Cisco routers and switches could be used by hackers to cause widespread outages.

Cisco Systems is working with customers to resolve a serious security flaw in the software that runs its routers and switches. The vulnerability affects hardware running Cisco's Internetworking Operating System and configured to process Internet Protocol version 4 packets. If left unpatched, it could leave businesses open to denial-of-service attacks that disconnect their networks.

Theoretically, attackers can send a special sequence of data packets to switches, routers, and wireless access points that are running IOS, causing the hardware to stop processing traffic. "All it does is shut down the interface that is attacked and disconnect your Internet access," says Russ Cooper, surgeon general for security services firm TruSecure Corp. Attackers are unable to modify access control or gain access to secure data, he says.

Nonetheless, the flaw could potentially be a very expensive one; companies that are hit will lose network capabilities until the hardware is rebooted and will incur expenses in both lost productivity and sending IT personnel to reboot and patch every affected device on the network, Cooper says.

Word of the vulnerability began circulating on the Internet Wednesday morning, when a number of Internet service providers, including AT&T, MCI, and Sprint, issued warnings of upcoming maintenance. Late Wednesday, Cisco released a security advisory describing the problem and released a free patch to correct it. There's no evidence that any systems have been attacked in an attempt to exploit the flaw.

It's unlikely that this vulnerability could be used by a worm or virus, Cooper says; instead, only companies that are specifically profiled and targeted are likely to be at risk. "It's very unlikely that small to medium-sized businesses will be attacked," he says.

But the flaw is likely to cause serious stress for IT departments that are racing to fix other security holes identified earlier in the week. On Wednesday, Microsoft revealed a critical vulnerability in most versions of Windows; if exploited, an attacker could run rampant on corporate systems, destroying data or running applications.

This one-two punch is likely to be a serious problem for already-overworked IT departments that may be short-staffed during the summer vacation season. "Not only do they have to patch all of their routers, they have to patch every Windows computer in their environment, whether it's connected to the Internet or not," Cooper says. "It's going to be hard."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Flash Poll