Cisco has warned of three critical holes in its router operating system that could allow denial-of-service (DoS) attacks.

The company has issued workarounds and an updated version of its Internet Operating System (IOS), without which a hacker could run arbitrary code on an affected router.

The three problems are:

  • TCP packet problem: A memory leak in certain versions of IOS could lead to a DoS attack, according to CERT.
  • IPv6 routing header vulnerability: IOS can fail to properly process IPv6 packets with specially crafted routing headers, which could allow a DoS attack or the running of arbitrary code.
  • Crafted IP option vulnerability: A bug in how IOS processes IPv4 packets with a specially crafted IP option. It could also enable a DoS attack or the running of arbitrary code.

CERT wrote that all three vulnerabilities could cause a device to reload its operating system. In that case, a secondary, sustained DoS condition could result, since packets won't go through the device.

"Because devices running IOS may transmit traffic for a number of other networks, the secondary impacts of a denial of service may be severe," CERT said.