On Wednesday, Cisco Systems issued three patches for critical vulnerabilities affecting Cisco Internetwork Operating System (IOS). The most serious of these affects the Cisco Voice Portal and the Secure Shell server (SSH) implementations.
Cisco says the first patch covers a vulnerability that exists in the Cisco Unified Customer Voice Portal (CVP), which provides customer voice and video self-service integration. If the vulnerability is exploited, an authenticated user can create, modify, or delete a superuser account. In other words, successful exploitation may result in full control of the system.
The second patch covers the Secure Shell server (SSH) implementation in Cisco IOS, which contains multiple vulnerabilities. Exploitation may allow unauthenticated users to generate a spurious memory access error or, in certain cases, reload the device. Cisco notes that the IOS SSH server is an optional service that is disabled by default, but says its use is recommended as a security best practice for management of Cisco IOS devices.
According to Cisco, the third patch addresses three Secure Shell (SSH) vulnerabilities that exist in the Cisco Service Control Engine (SCE) that may result in system instability or a reload of the SCE. Cisco says the first vulnerability may be triggered during SSH log-in activity with brute force. The second vulnerability may be triggered with normal SSH log-in activity combined with simultaneous other SCE management actions. The third vulnerability may occur during SSH log-in using unique invalid authentication credentials.
Attacks against VoIP systems are becoming popular. At this year's Shmoocon, John Kindervag, senior security architect for Vigilar, saidin hospitals, conference rooms, and hotel rooms are particularly vulnerable to these kinds of attacks.
Bottom line: if you're running Cisco IOS, get the updates today.