Cisco has warned of a new flaw in its IOS router operating system which might be used by attackers to launch denial of service attacks or take over IOS-based devices. The flaw is a buffer overflow caused by incorrect handling of user authentication credentials.
The vulnerability applies to various versions of Cisco IOS 12.x and affects devices that have the firewall and authentication system configured. Upon a successful attack, the device will reload and execute arbitrary code.
“Successful exploitation of the vulnerability on Cisco IOS may result in a reload of the device or execution of arbitrary code,” Cisco said in its advisory. “Repeated exploitation could result in a sustained (denial of service) attack or execution of arbitrary code.”
Symantec has raised the vulnerability threat level and advised users to disable firewall and authentication until their IOS is patched.