Cisco has warned of three critical holes in its router operating system that could allow denial-of-service (DoS) attacks.
The company has issued workarounds and an updated version of its Internet Operating System (IOS); without them, a hacker could run arbitrary code on an affected router.
The three problems are:
- TCP packet problem: A memory leak in certain versions of IOS could lead to a DoS attack, according to CERT.
- IPv6 routing header vulnerability: IOS can fail to properly process IPv6 packets with specially crafted routing headers, which could allow a DoS attack or the running of arbitrary code.
- Crafted IP option vulnerability: A bug in how IOS processes IPv4 packets with a specially crafted IP option could also enable a DoS attack or the running of arbitrary code.
CERT wrote that all three vulnerabilities could cause a device to reload its operating system. In that case, a secondary, sustained DoS condition could result, since packets won't go through the device.
"Because devices running IOS may transmit traffic for a number of other networks, the secondary impacts of a denial of service may be severe," CERT said.