Cisco Systems has released a security patch to fix vulnerabilities in a number of its products that are at risk of a denial of service attack.
The vulnerabilities are found in a third-party cryptographic library in Cisco IOS, Cisco IOS XR, Cisco PIX and ASA Security Appliances, Cisco Firewall Module and Cisco Unified CallManager products, according to a security advisory issued by Cisco.
The security flaws could allow attackers to send a few small packets through the routers to shut down the network in a DOS attack.
The vulnerabilities can be exploited without a valid username or password, given some of the older Cisco products have the cryptographic library set to default. And while attackers may be able to launch a DOS attack, they are not known to gain access to information that has already been encrypted, Cisco noted.
In its advisory, Cisco includes various links for downloading fixes, as well as offering suggestions for potential workarounds.
Although the vulnerabilities affect a wide range of Cisco products, no exploits have yet surfaced. Related posts:Microsoft to Seed Vista SP2 to Developers Next WeekGoogle launches online medical records serviceVista SP1 Available Via Windows UpdateOpenID Gets Star PowerVista SP1 Due on MondayMicrosoft Warns of Office 2003 SP3 Auto-Update