Network World
Friday, November 21, 2008
DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools

Cisco Subnet Blog

Cisco Subnet

Navigation

Cisco warns of flaws in Cisco ASA 5500, PIX, Cisco Secure ACS

Cisco is warning of multiple security holes in its security appliances that if exploited, could result in a reload of the devices or disclosure of confidential information. The company has also issued a fix to a vulnerability in its Cisco Secure Access Control Server, that was discovered by external security researchers.

Holes exists in the Cisco ASA 5500 Series Adaptive Security Appliances and the Cisco PIX Security Appliances. The problems involve SIP processing, IPSec client authentication processing, SSL VPN memory leak, URL processing error vulnerability in SSL VPNs, and potential information disclosure in clientless VPNs, reports Cisco. The vulnerabilities are independent of each other, Cisco says. Cisco has released fixes to address the vulnerabilities and has made workaround available on its site.

Cisco has fixed a flaw in its Cisco Secure ACS that was discovered by researchers at Orange Labs/France Telecom Group. A specially crafted Remote Authentication Dial In User Service (RADIUS) Extensible Authentication Protocol (EAP) Message Attribute packet could crash the ACS' CSRadius and CSAuth processes if it is sent to the device. Cisco says the RADIUS shared secret and a valid known Network Access Server (NAS) IP address must be known to carry out this exploit. Details about how to obtain the fix are in the Cisco security alert at Cisco's Web site.

More Cisco Security Advisories

More Cisco Security Responses

More from Cisco Subnet: 
Former Cisco exec Jayshree Ullal turns up at a security SaaS start-up
* Network World's exclusive test of Cisco Nexus 7000
* Building Your Own DarkNet
* Cisco Home Networking Contest
Where's Cisco's promised wide-area application engine that won Interop?
In depth series: Cisco Unified Communications Manager call routing
* Useful resources for Cisco networking engineers
Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more. 

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <i> <b> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote> <br /> <br> <p>
  • Lines and paragraphs break automatically.
  • You can use BBCode tags in the text.
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.

About the Cisco Subnet Blog

RSS feed Blog archive.

The Cisco Subnet blog is the official blog of the Network World Cisco Subnet community, managed by Editor Linda Leung. Cisco Subnet is the independent voice of Cisco customers and is your gateway to daily Cisco news, blogs, opinion, books, prize giveaways and more. Visit the Cisco Subnet home page daily and while you are there, subscribe to the Cisco Alert e-mail newsletter, which includes news and views generated by the Cisco Subnet community as well as Cisco-related stories on Network World and elsewhere on the Web.

LAN & WAN news

RSS feed (WAN community)

The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.

Advertisement: