Cisco has identified and patched security problems in their VoIP IP telephony system. The move is in response to the discovery of potential exploits that can allow hackers to mount denial of service attacks - in theory, at least.

The vulnerability affects versions of Cisco's core Internetwork Operating System (IOS) software configured for the Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) services. By sending malformed control messages a cracker could cause devices such as VoIP routers running the vulnerable software to reload. The trick could be exploited repeatedly to create a Denial of Service (DoS) attack against targeted networks.

Cisco has an advisory here which fully discusses the problem, along with free software upgrades, and with advice on suggested workarounds.