News

Cisco Warns of ASA, PIX Flaws

Cisco Systems Inc. last week warned of multiple vulnerabilities in its Cisco ASA 5500 Series and Cisco PIX security appliances that could trigger denial of service (DoS) or result in information disclosure.

Cisco identified five flaws, all of which are independent of one another.

An attacker who successfully exploits four of the new issues -- an erroneous SIP processing vulnerability, an IPSec client authentication processing vulnerability, an SSL VPN memory leak vulnerability or an SSL VPN URI processing error vulnerability -- can trigger a device reboot. An attacker who repeatedly causes a device to reboot can effect a DoS attack, Cisco warned.

The information disclosure vulnerability stems from a flaw in the way in which the affected Cisco devices handle clientless SSL VPN sessions. An attacker who successfully exploits this vulnerability could obtain user and group credentials, assuming that he or she somehow turns up a "rogue system or document."

The vulnerabilities were privately reported by customers, according to Cisco.

Cisco has released software updates for both its ASA and PIX platforms.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

  • Microsoft Previews New App Reporting and Consent Tools in Azure AD

    Microsoft last week described a few Azure Active Directory improvements for organizations wanting to connect their applications to Microsoft's identity and access service.

  • Free Software Foundation Asks Microsoft To Release Windows 7 Code

    The Free Software Foundation this week announced that it has established a petition demanding that Microsoft release its proprietary Windows 7 code as free software.

  • Managing Multiple Remote Connections in One Place with mRemoteNG

    If you're juggling multiple remote connections daily, this is the utility for you. Brien walks through the steps to use mRemoteNG, from installation to deployment.

  • Microsoft Unveils Plan To Push Bing to Office 365 ProPlus Users

    Microsoft on Tuesday unveiled plans to deliver an extension that will change the default search engine to Bing in both Google Chrome and Mozilla Firefox browsers for Office 365 ProPlus subscribers.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.