In association with heise online

11 January 2007, 11:17

DoS holes in Cisco products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Cisco has reported two vulnerabilities in its products that could have allowed attackers to use activated data link switching to take down the Enterprise Contact Center and Cisco devices.

In Cisco's Unified Contact Center Enterprise and IP Contact Center Enterprise, attackers could use network packets sent to the JTapi server's port to provoke the machine to reload. During reloading, no new connections could be set up, but ongoing telephone calls are reportedly not disconnected.

The second security hole concerns Cisco's IOS 11.0 to 12.4 operating systems. When they are configured for data link switching (DLSw) and attackers can access port 2065 or 2067, then attackers could cause a reload by sending prepared options during capability exchanges. DLSw supports the transport of NetBIOS traffic across IP networks, among other things.

In its security advisory on the IOS vulnerability, Cisco presents a number of steps that administrators should take before installing a software update. In addition, registered users could also receive the latest software from the usual channels.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit