Cisco warns of flaws in Cisco ASA 5500, PIX, Cisco Secure ACS

Cisco is warning of multiple security holes in its security appliances that if exploited, could result in a reload of the devices or disclosure of confidential information. The company has also issued a fix to a vulnerability in its Cisco Secure Access Control Server, that was discovered by external security researchers.

Holes exists in the Cisco ASA 5500 Series Adaptive Security Appliances and the Cisco PIX Security Appliances. The problems involve SIP processing, IPSec client authentication processing, SSL VPN memory leak, URL processing error vulnerability in SSL VPNs, and potential information disclosure in clientless VPNs, reports Cisco. The vulnerabilities are independent of each other, Cisco says. Cisco has released fixes to address the vulnerabilities and has made workaround available on its site.

Cisco has fixed a flaw in its Cisco Secure ACS that was discovered by researchers at Orange Labs/France Telecom Group. A specially crafted Remote Authentication Dial In User Service (RADIUS) Extensible Authentication Protocol (EAP) Message Attribute packet could crash the ACS' CSRadius and CSAuth processes if it is sent to the device. Cisco says the RADIUS shared secret and a valid known Network Access Server (NAS) IP address must be known to carry out this exploit. Details about how to obtain the fix are in the Cisco security alert at Cisco's Web site.

More Cisco Security Advisories

More Cisco Security Responses

More from Cisco Subnet: 
* Former Cisco exec Jayshree Ullal turns up at a security SaaS start-up
* Network World's exclusive test of Cisco Nexus 7000
* Building Your Own DarkNet
* Cisco Home Networking Contest
* Where's Cisco's promised wide-area application engine that won Interop?
* In depth series: Cisco Unified Communications Manager call routing
* Useful resources for Cisco networking engineers
Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more.