1/25/2005 -- Cisco reported Wednesday that denial-of-service (DoS) attacks could be launched against Cisco IP routers running certain telephony features that are a part of Internetwork Operating Software (IOS), the company’s network infrastructure software.

The features—IOS Telephony Service, CallManager Express and Survivable Remote Site Telephony—all utilize Skinny Call Control Protocol (SCCP), the native signaling protocol for CallManager. If certain malformed packets are sent to the SCCP port of a device running these IOS features, the device may reload; repeated exploitation of this vulnerability could result in a DoS attack.

The security advisory from Cisco also noted that the vulnerability affects only those routers using IOS software release trains 12.1YD, 12.2T, 12.3 and 12.3T.

Fixed or upgraded versions of the IOS software are available for free from Cisco and third-party vendors. For more information, go here. -Dan Hong