News

Cisco Warns of ASA, PIX Flaws

Cisco Systems Inc. last week warned of multiple vulnerabilities in its Cisco ASA 5500 Series and Cisco PIX security appliances that could trigger denial of service (DoS) or result in information disclosure.

Cisco identified five flaws, all of which are independent of one another.

An attacker who successfully exploits four of the new issues -- an erroneous SIP processing vulnerability, an IPSec client authentication processing vulnerability, an SSL VPN memory leak vulnerability or an SSL VPN URI processing error vulnerability -- can trigger a device reboot. An attacker who repeatedly causes a device to reboot can effect a DoS attack, Cisco warned.

The information disclosure vulnerability stems from a flaw in the way in which the affected Cisco devices handle clientless SSL VPN sessions. An attacker who successfully exploits this vulnerability could obtain user and group credentials, assuming that he or she somehow turns up a "rogue system or document."

The vulnerabilities were privately reported by customers, according to Cisco.

Cisco has released software updates for both its ASA and PIX platforms.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

  • Windows 10 Mobile To Fall Out of Support in December

    Microsoft will end support for the Windows 10 Mobile operating system on Dec. 10, 2019, according to an announcement.

  • Get More Out of Your Outlook Inbox with TakeNote

    Brien comes across a handy, but imperfect, feature in Outlook that lets you annotate specific e-mails. Its provenance is something of a mystery, though.

  • Microsoft Resumes Rerelease of Windows 10 Version 1809

    Microsoft on Wednesday once more resumed its general rollout of the Windows 10 version 1809 upgrade, also known as the "October 2018 Update."

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.