Cisco Outlines Security Problem, Symantec Warns Against It

Revealed at Black Hat Conference

Symantec has warned customers that information about a potential Cisco vulnerability, revealed at the Black Hat conference earlier in the week, "increases the threat of exploitation." Meanwhile, Cisco published an advisory alerting its users about the vulnerability leveraged in the exploit demonstration.

Michael Lynn, a former Internet Security Systems (ISS) researcher, had quit his job to present his findings at the security conference. His presentation was later omitted from the conference CD. 

Symantec's alert noted that the disclosure "represents a potentially significant threat against existing infrastructure currently deployed." It recommended that enterprises do an immediate audit of existing vulnerabilities in their Cisco hardware and apply the associated patches ASAP.

According to the advisory, IOS is vulnerable to a denial-of-service (DoS) attack, and possibly to a much more dangerous exploit that could actually introduce hacker code remotely, via a specially crafted IPv6 packet.

"Lynn did not disclose a new vulnerability," said Cisco spokesman John Noh. "But this advisory relates to the vulnerability he discussed at Black Hat."

Cisco said in its advisory that all its devices running "any unfixed version of IOS code that supports, and is configured for, IPv6" are vulnerable. An attack, however, relies on a deliberately built IPv6 packet that must be sent from a local network segment. "This vulnerability can not be exploited one or more hops from the IOS device," Cisco said.


More Stories By Security News Desk

SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

Most Recent Comments
ISSJ News Desk 07/30/05 11:49:21 AM EDT

Cisco Outlines Security Problem, Symantec Warns Against It. Cisco has admitted and detailed a security vulnerability that was revealed at the Black Hat conference, and now Symantec has jumped into the fray, warning that the revelation at the conference increases the chance for the hole to be exploited.