Cisco has kicked off its biannual patching frenzy by revealing five vulnerabilities to IOS, the operating system on which its routers run.

The vulnerabilities are, according to security researchers Secunia, "moderately critical". They could lead to a denial of service attack against the organisation concerned, or manipulation of data.

Cisco says customers should apply the software updates it has made available.

The vulns were revealed yesterday in Cisco's first biannual IOS security advisory. It has moved to a regular six-monthly cycle to make it more predictable for customers.

Microsoft and Oracle already produce regular patches, on a monthly and quarterly basis respectively.

Cisco says it will release IOS security advisories out-of-cycle if a serious vulnerability is publicly disclosed, or if bugs become at risk of active exploitation. All the company's other product advisories, including those for its IP telephony equipment, will be released as and when necessary.

The next scheduled IOS advisory is due in the fourth week of September. ®

Related stories

• Boffin brings 'write once, run anywhere' to Cisco hijacks (5 January 2009)
• Cisco's dirty dozen fight IOS flaws (25 September 2008)
• Cisco ignites the web via WAAS and deformed arms (24 June 2008)
• Cisco-baiting security co goes titsup (20 March 2008)
• Vyatta blows out Cisco routers with study (18 March 2008)
• Cisco hops onto patching treadmill (6 March 2008)
• Cisco takes routers to the edge (4 March 2008)
• US, Canada seize fake Cisco goods (3 March 2008)
• Cisco plugs VoIP malware loophole (15 February 2008)