Cisco releases bundle of router security patches

Cisco Systems Inc. has released a set of security patches for Internet Operating System (IOS) software, used his power routers and switches.

The patches were released Wednesday, the date previously set Cisco aside as the latest release date for its IOS patches twice a year. Cisco also published 12 security advisories describing the bugs, given that many of these vulnerabilities could be exploited by attackers to crash an IOS device.

One mistake, a mistake in SNMP, could be exploited by an attacker to take control of the router. However, only specially configured Cisco uBR10012 series devices, used by telecommunications companies to connect customers to broadband Internet, are affected by the flaw, Cisco said.

Symantec rated this fundamental obstacle for Wednesday and advised users of these devices who have configured their routers for redundant line cards to apply the patches as soon as possible.

Cisco is not aware of any attacks or previous public information that is based on the ruling.

Other errors that have been patched affect Cisco’s multicast, SSL processing and protocol software login. A complete list of security bulletins can be found on Cisco’s Web site.