IDG News Service - Cisco Systems Inc. has patched a number of security vulnerabilities affecting its routers and Call Manager software, some of which could be used to launch a denial-of-service (DoS) attack against the products.
The router bug affects all Cisco devices that use the company's Internetwork Operating System software and that have enabled a little-known protocol called Stack Group Bidding Protocol (SGBP), which is used to help manage network access using Cisco devices.
This vulnerability probably does not affect a lot of Cisco users, because the SGBP is not widely used and devices that do not have the protocol enabled are not vulnerable, said Johannes Ullrich, chief research officer at the SANS Institute, a security training organization.
The other two bugs relate to Cisco's Call Manager software, which is used to manage voice-over-IP calls. The bugs could be exploited by an attacker to either launch a DoS attack against the Call Manager machine or to gain additional user privileges on such a system.
Call Manager users should apply these patches, but they should do so with caution, Ullrich said. "You should apply them because there are a couple of serious vulnerabilities there. But don't rush them," he said. "If your Call Manager breaks and your company is without phone service for a couple of days, it's not good."
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
