Cisco issues cyber attack alert

A serious flaw in Cisco Systems software puts computer networks at risk of cyber attack and has prompted security vendor Symantec to raise its internet threat level.

A vulnerability in Cisco's Internetwork Operating System (IOS) could be exploited to crash or remotely run malicious code on devices that run IOS, the San Jose, California, networking giant warned on Wednesday in a security advisory. IOS runs on Cisco's routers and switches, which make up a large portion of the internet's infrastructure.

Cisco said in its advisory: "Successful exploitation of the vulnerability on Cisco IOS may result in a reload of the device or execution of arbitrary code. Repeated exploitation could result in a sustained [denial of service] attack or execution of arbitrary code."

Cisco's warning prompted Symantec to raise its ThreatCon global threat index to Level 2, which means an attack is expected. Symantec said in an advisory: "Given the recent attention to exploitation of vulnerabilities in Cisco's IOS it is possible that this issue will see attempts at exploit development in the near term."

Cisco and Symantec both noted that there are no known exploits or attacks which take advantage of this latest IOS vulnerability. Cisco has software fixes available to correct the problem.

The vulnerability doesn't affect all versions of IOS, Cisco said. Furthermore, it only exists if the Firewall Authentication Proxy for FTP and Telnet Sessions is in use, Cisco said. That component of IOS handles authentication requests for file transfer and telnet sessions.

Affected devices are those running IOS versions 12.2ZH and 12.2ZL, 12.3, 12.3T, 12.4 and 12.4T, Cisco said. Users can log on to their Cisco device and enter the "show version" command to determine which version of IOS it is running, Cisco said. The company rates the issue as a "medium" urgency.

Symantec advises users who can't install the patch immediately to disable the Firewall Authentication Proxy for FTP and Telnet Sessions or limit access to the service to trusted hosts and networks.

This is not the first time Cisco has had a security scare this summer. During the Black Hat and Defcon security events in July, researcher Michael Lynn demonstrated he could gain control of a Cisco router by exploiting a known security flaw in IOS. The operating system had until then been perceived as impervious to such attacks.

Joris Evers writes for CNET News.com