Thursday, January 25, 2007

Concern over net security patches

The firm that makes hardware for much of the backbone of the internet has released three patches for security holes in its products.

Cisco has issued the fixes to internet service providers who are expected to roll out repairs in the coming days.

But there is concern that malicious hackers could exploit the flaws in the routers before the problems are fixed.

At least one of the holes could lead to e-mail and internet access issues, according to security experts.

Mikko Hypponen, chief research officer with F-Secure, said: "There's not much consumers can do themselves; these patches affect only the internet infrastructure itself, the routers which companies are using to pass on net traffic.

"Some sites and services might be down."



However, Cisco has said it is not aware of "any current exploitation of these vulnerabilities".

In a statement the company said: "Cisco is aware of multiple vulnerabilities that may impact Cisco IOS and IOS XR devices and has published three separate security advisories about them.

"In all cases, Cisco has made free software available to address the vulnerabilities for affected customers."

Malicious

One of the holes could see a malicious hacker take control of a Cisco router and install software of their choosing.

"Any flaws in Cisco routers that are in widespread use are very concerning as these are the basic building blocks of the internet," said Mr Hypponen.

But he said the types of attacks would be limited because there was little financial motive.

"If you look at the different attack scenarios and who would use those vulnerabilities, it's not that obvious who would exploit these holes - you can attack certain operators or companies and crash their public services such as e-mail and web sites.

"I guess we will be seeing attacks from hobbyist hackers."

Mr Hypponen said he did not expect the problem to go on for long.

"Critical companies will patch their routers very quickly."

Mr Hypponen said that the news of the holes and the resulting patch had actually made the net safer, not more vulnerable.

"Although it looks like bad news it is good news too.

"There will always be new vulnerabilities. The internet will never be 100% safe."
