Cisco patches several vulnerabilities in IOS
Cisco has published the details of several vulnerabilities in its IOS network operating system. For example, the processing of prepared packets through WebVPN, SSLVPN, SIP and Mobile IP services could allow a remote attacker to a restart or crash a system causing a denial of service condition. A problem in the Secure Copy (SCP) implementation could provide users with access to the IOS command-line interface (CLI). The configuration of the device could then be manipulated or allow access to stored passwords – even if the CLI user rights don't permit it.
Updates for Cisco's IOS have been provided to resolve the issues. An overview of the vulnerabilities is available in the original security advisory provided by Cisco.
- Summary of Cisco IOS Software Bundled Advisories, March 25, 2009, a security advisory from Cisco.