Cisco warns users of router software 'leaking' packets

Cisco's assertion that its routers running IOS version 12 can be a viable alternative to firewalls in branch offices has been further undermined by the exposure of a flaw that may cause input access list filters to 'leak' packets.

A group of related software bugs may cause input access list filters to 'leak' packets in certain NAT configurations, creating a security exposure.

The severity of the impact may vary, depending on the device type, configuration and environment, from sporadic leakage of occasional packets to consistent leakage of significant classes of packets.

Cisco has admitted that the vulnerability may allow hackers to completely circumvent corporate security. Its security notice said: "No particular tools, skills, or knowledge are needed for such opportunistic attacks. The conditions that trigger this vulnerability may be frequent and long-lasting."

Cisco routers in the 17xx, 26xx, 36xx and 75xx families running IOS version 12 are affected. Software fixes are being created for this vulnerability, but are not yet available for all software versions.