Cisco has announced a patch for a vulnerability affecting its routers and call management software. Meanwhile, Finnish security firm F-Secure has issued a warning regarding security risks in its antivirus program.
The router flaw impacts all devices operating on the IOS system from Cisco or SGBP— the protocol that supports network access management via Cisco products. Johannes Ullrich, the Director of Research at the US-based SANS Institute, believes that the vulnerability may not significantly affect many users since SGBP is not widely used.
Two other issues are related to the Call Manager software, which specializes in managing VoIP calls. Criminals could exploit these vulnerabilities to execute Distributed Denial of Service (DDoS) attacks or gain unauthorized access to systems running Call Manager.
“You need to upgrade with the patch, but proceed with caution. If Call Manager encounters issues, your company will be unable to use Internet phone services for several days,” Ullrich advises.
Meanwhile, F-Secure has acknowledged a flaw in its AV software package that poses a risk of enabling hackers to run arbitrary commands on compromised systems, via ZIP and RAR files containing malicious programs.
These files can bypass all AV products and cause buffer overflow errors on Windows and Linux systems. A spokesperson for F-Secure confirmed that, as of now, there have been no reported attacks.
F-Secure does not automatically update patches in Linux like it does for Windows; therefore, users of this operating system must regularly check the company’s website to download fixes.
