Cisco warns of ASA, PIX vulnerabilities; acknowledges DoS vulnerablities in TCP

By Jim Duffy on Wed, 10/22/08 - 2:43pm.

Cisco is warning of multiple security holes in its ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances. It also issued a security response that acknowledges multiple vulnerabilities involving the manipulation of TCP state table information. The ASA and PIX vulnerabilities include Windows NT domain authentication bypass, IPv6 denial-of-service (DoS), and crypto accelerator memory leak, according to Cisco's latest security advisory. The comany says the vulnerabilities are independent of each other. Software updates and workarounds are available at Cisco's Web site.

Cisco on Friday issued a security response that acknowledges the multiple DoS vulnerabilities involving the manipulation of TCP state table information. The vulnerabilities were presented by Robert E. Lee and Jack Louis of Outpost24, according to Cisco in the security response. Cisco says the TCP vulnerabilities reported by Outpost24 are an extension of well-known weaknesses in the protocol and that an attacker must complete a TCP three-way handshake to a device to successfully exploit the DoS vulnerabilities. The company says it is possible to mitigate the risk of these vulnerabilities by allowing only trusted sources to access TCP-based services. More info at Cisco's Web site.

More Cisco Security Responses

More Cisco Security Alerts

More from Cisco Subnet:
* Cisco refreshes CCIE security lab exam
* Cisco Attendant Console end-of-sale announcement
* Vegas casino networked slot machines with Cisco Ethernet
* Cisco training intitiative aims to develop CCIE talent in India
* Cisco channel partners can now shave up to 61% off talent recruiting costs
* Catching USB data thieves
* Insider’s view on how to decide what Cisco code versions to run
Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more.