Cisco statement about SSL VPN Vulnerability is awfully hard to find

Juniper's statement is linked to the US-CERT page; Cisco's appears missing in action.

Update 12/04/09

On the day after this blog story was originally published, Cisco made a US-CERT vendor statement that in my opinion is very helpful to legions of loyal Cisco customers (as shown in the below screenshot):

US-CERT: Cisco Vendor Statement Screenshot

Thank you Cisco!

Sincerely and most gratefully yours,

Brad Reese

----------------------------------------------------------------
----------------------------------------------------------------

The Department of Homeland Security's U.S. Computer Emergency Readiness Team, US-CERT, has issued a warning on its website that certain networking products from Cisco and Juniper and three other vendors are vulnerable to an exploit in which hackers could gain broad access to corporate networks, then steal confidential data, install malicious software or turn PCs into spam servers.

All five vendors, including Cisco and Juniper, were notified about this vulnerability on the same date, September 24.

Juniper issued its statement on November 30, as did Cisco. I'm wondering why Cisco's statement is still missing in action on the US-CERT site making it easy to find information about this vulnerability?

Interestingly, a Network World reader supplied the following helpful link from Cisco:

Clientless Browser-Based VPN Same Origin Bypass Vulnerability

Nonetheless, a search on Cisco's website returns - no results for VU#261869.

View Vulnerability Note VU#261869 without frames

Original Cisco #VU261869 Screenshot:
(which was updated on 12/04/09 with Cisco's vendor statement)

To be fair, of the five vendors with products that US-CERT says are known to be vulnerable, Cisco's the only one that has information available from the US-CERT web page as of the date of this blog post.

SafeNet is another.

Do you think Cisco should make its statement easier to find?

BradReese.Com Cisco Refurbished - Enabling Affordable Cisco Networks

Check with us, when you have failed Cisco equipment. We repair Cisco at the component level.

Contact: Brad Reese

1. Cisco's worldwide Routing and Switching CCIE count falls by -48
2. Alcatel-Lucent takes bite out of Cisco's SP edge router market share
3. Are Cisco emerging market product sales in a free fall?
4. How much revenue growth did Cisco really earn from Flip and TelePresence?
5. How-to configure Cisco Flexible NetFlow for NBAR exports
6. Cisco leads Avaya in Q3CY09 telephony system shipments
7. Cisco CEO John Chambers is selectively hiring on certain projects
8. Cisco shareholders insist on having a say on executive compensation
9. Cisco raised a big stink over losing a longtime customer's $3.5M network upgrade deal to HP
10. Verbal and visual mashup of HP's reasons for buying 3Com
11. My theory on when to buy Cisco stock and when to sell
12. Father of SIP bolts Cisco for Skype
13. Cisco UC customers appear S.O.L. when in comes to deploying Windows 7
14. Impressing Skype's buyout investors, Mike Volpi bragged he could get Cisco's top stars to jump ship
15. John Chambers: Is America's best leader an investor's nightmare?
16. Growth of the China CCIE count goes negative by -9
17. Will the Cisco ASR 9000 kill the Juniper MX960?
18. America's Best Leaders 2009: John Chambers led one of the biggest comebacks of modern times
19. What are key Cisco NetFlow limitations?
20. View Brad Reese on Cisco Story Archives

• Cisco
• LANs / WANs
• Security
• Department of Homeland Security's U.S. Computer Emergency Readiness Team
• US-CERT