
Network World

Jim Duffy

Cisco warns of flaws in Cisco ASA 5500, PIX, Cisco Secure ACS

By Cisco Subnet on Thu, 09/04/08 - 2:23pm.

Cisco is warning of multiple security holes in its security appliances that, if exploited, could result in a reload of the devices or disclosure of confidential information. The company has also issued a fix for a vulnerability in its Cisco Secure Access Control Server that was discovered by external security researchers.

Holes exist in the Cisco ASA 5500 Series Adaptive Security Appliances and the Cisco PIX Security Appliances. The problems involve SIP processing, IPSec client authentication processing, an SSL VPN memory leak, a URL processing error in SSL VPNs, and potential information disclosure in clientless VPNs, Cisco reports. The vulnerabilities are independent of each other, Cisco says. Cisco has released fixes to address the vulnerabilities and has made workarounds available on its site.

Cisco has fixed a flaw in its Cisco Secure ACS that was discovered by researchers at Orange Labs/France Telecom Group. A specially crafted Remote Authentication Dial In User Service (RADIUS) Extensible Authentication Protocol (EAP) Message Attribute packet could crash the ACS' CSRadius and CSAuth processes if it is sent to the device. Cisco says an attacker must know the RADIUS shared secret and a valid Network Access Server (NAS) IP address to carry out this exploit. Details about how to obtain the fix are in the Cisco security alert at Cisco's Web site.

About Cisco Subnet Blog

The Cisco Subnet blog is written by Network World managing editor Jim Duffy and is the official blog of Network World's Cisco Subnet community. The Cisco Subnet site is managed by Online Community Editor Julie Bort. Cisco Subnet is the independent voice of Cisco customers and is your gateway to daily Cisco news, blogs, opinion, books, prize giveaways and more. Visit the Cisco Subnet home page daily and while you are there, subscribe to the Cisco Alert e-mail newsletter, which includes news and views generated by the Cisco Subnet community as well as Cisco-related stories on Network World and elsewhere on the Web.