News

Cisco Warns of ASA, PIX Flaws

Cisco Systems Inc. last week warned of multiple vulnerabilities in its Cisco ASA 5500 Series and Cisco PIX security appliances that could trigger denial of service (DoS) or result in information disclosure.

Cisco identified five flaws, all of which are independent of one another.

An attacker who successfully exploits four of the new issues -- an erroneous SIP processing vulnerability, an IPSec client authentication processing vulnerability, an SSL VPN memory leak vulnerability or an SSL VPN URI processing error vulnerability -- can trigger a device reboot. An attacker who repeatedly causes a device to reboot can effect a DoS attack, Cisco warned.

The information disclosure vulnerability stems from a flaw in the way in which the affected Cisco devices handle clientless SSL VPN sessions. An attacker who successfully exploits this vulnerability could obtain user and group credentials, assuming that he or she somehow turns up a "rogue system or document."

The vulnerabilities were privately reported by customers, according to Cisco.

Cisco has released software updates for both its ASA and PIX platforms.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.