Back at the beginning of the month, I wrote about the problems that security holes in Cisco software could present. Now we get word that new vulnerabilities have been found. These latest issues, detailed by US-CERT, could allow outsiders to run your routers. Trust me, if you don’t know why this is very bad, then you don’t need a router.

Cisco has issues a security alert about each of the vulnerabilities, and has made patches available. If you’re in a company with a “we never patch our router” policy, it’s well past time that you changed your policies and procedures. If you don’t have Cisco routers in your infrastructure, don’t get complacent. Cisco is a target for folks looking for vulnerabilities for the same reason Microsoft is a target: it’s where the big numbers are. That doesn’t mean that other equipment doesn’t have vulnerabilities. You should be checking for software and firmware updates to your network infrastructure on a regular basis, whether you’re supporting the network for a large company or a small family. The risks are just too great to let this one slide.

 The CNet story referenced above isn’t the only coverage of this. You might find it interesting to look at ComputerWorld’s take from the IDG News Service; a take from Light Reading; and a view from The Register that ranks the severity of the vulnerabilities.

Categories: Security, Threats