Cisco has kicked off its biannual patching frenzy by revealing five vulnerabilities to IOS, the operating system on which its routers run.

The vulnerabilities are, according to security researchers Secunia, "moderately critical". They could lead to a denial of service attack against the organisation concerned, or manipulation of data.

Cisco says customers should apply the software updates it has made available.

The vulns were revealed yesterday in Cisco's first biannual IOS security advisory. It has moved to a regular six-monthly cycle to make it more predictable for customers.

Microsoft and Oracle already produce regular patches, on a monthly and quarterly basis respectively.

Cisco says it will release IOS security advisories out-of-cycle if a serious vulnerability is publicly disclosed, or if bugs become at risk of active exploitation. All the company's other product advisories, including those for its IP telephony equipment, will be released as and when necessary.

The next scheduled IOS advisory is due in the fourth week of September. ®