Cisco IOS software has 10 vulnerabilities making it susceptible to Denial of Service (DOS) attacks. Yesterday Cisco released patches to fix all 10 issues.
The problem exists in Cisco IOS executions of the Network Time Protocol (NTP), the Internet Key Exchange protocol, the Dynamic Host Configuration Protocol (DHCP), the Resource Reservation Protocol (RSVP), the virtual fragmentation reassembly (VFR) feature for IP version 6 (IPv6), the Zone-Based Firewall (ZBFW) component, the T1/E1 driver queue and the Network Address Translation (NAT) function for DNS (Domain Name System) and PPTP (Point-to-Point Tunneling Protocol).
The weakness allows an unauthenticated attacker to remotely cause devices to hang, reload, lose connection, and lose their ability to route connections resulting in a denial of service on the Cisco devices with these services enabled.
Cisco’s advisory on this issue is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ntp
No attacks taking advantage of these vulnerabilities have been reported. Cisco discovered the issues during both internal reviews and troubleshooting customer service calls.
It is important to remember that the patches only work if they are applied.