Cisco moves to plug router software flaws

Cisco has released a number of security patches for its Internet Operating System (IOS), the underlying software which is used to power routers and network switches.

The networking company published 11 advisories which described the bugs as well as one outlining a vulnerability in Cisco's Unified Communications Manager.

It was noted that some of the flaws could allow malicious hackers to take over the device while others left users at risk of denial-of-service attacks. Cisco started releasing bunches of IOS Security Advisories in March, with this the second date marked as the release date for the twice-yearly patches.

Broadly, the advisories were about how Cisco software - which processes network protocol traffic such as Multi Protocol Label Switching (MPLS) - caused appliances such as VPN to fail.

One of the advisories said that two crafted Protocol Independent Multicast (PIM) packet vulnerabilities existed in Cisco IOS software which could lead to denial of service (DoS) attacks.

Another of the advisories looked at a SNMP vulnerability on the Cisco uBR10012 system devices, which an attacker could have exploited to take control of the device. Security vendor Symantec had also noted this problem.

Cisco has released free software updates to address these and other vulnerabilities, as well as workarounds that could mitigate them. The vulnerabilities are listed here.