Australia's national Computer Emergency Response Team warned of a new vulnerability announced today by Cisco which, if exploited, could deny access to Internet and networking services for many organisations.

"This is potentially a serious vulnerability which affects critical Internet devices. Our biggest problem is we don't really know how difficult this vulnerability is to exploit or how long it will be before an attacker learns how to exploit the vulnerability", according to AusCERT's general manager, Graham Ingram.

"While this is a potentially serious vulnerability it is also reasonably easy to protect against by following the recommended mitigation strategies in the Cisco advisory.

"For unprotected systems, if an attacker works out the right sequence of data and publicises this information, then the potential for attackers to launch harmful attacks against routers will increase. This could happen tomorrow, next week or next year.

"The most important thing for organisations to consider is what is the risk - not only to themselves but to other Internet users who are dependent on their networks? Can they afford for their Internet connected services to be cut-off and do they want to take the chance that an attacker will exploit this vulnerability later rather than sooner?

"Hopefully, by now most backbone providers will have already taken the necessary steps to protect their routers. If so, then smaller Internet Service Providers, telecommunication providers and organisations using routers and switches running the Cisco IOS software are the ones currently most at risk.

"On the positive side, if an organisation's router or switch is attacked, there are steps that can be taken to manually correct the problem and resume services so we don't expect widespread and sustained outages to occur. For most organisations, the greatest risk will be localised. That is, it could affect their organisation's ability to use Internet services or for others to communicate with them via the Internet" Ingram said.

AusCERT's comments follow the public release of a Cisco advisory today which reports that Cisco routers and switches running Cisco IOS software and configured to process IPv4 packets are vulnerable to denial of service attacks. IPv4 is the most common Internet Protocol in use and is configured by default.