Cisco warns of ASA, PIX vulnerabilities; acknowledges DoS vulnerablities in TCP

Cisco is warning of multiple security holes in its ASA 5500 Series Adaptive Security Appliances and Cisco

PIX Security Appliances. It also issued a security response that acknowledges multiple vulnerabilities involving the  manipulation of TCP state table information. The ASA and PIX vulnerabilities include Windows NT domain authentication bypass, IPv6 denial-of-service (DoS), and crypto accelerator memory leak, according to Cisco's latest security advisory. The comany says the vulnerabilities are independent of each other. Software updates and workarounds are available at Cisco's Web site.

Cisco on Friday issued a security response that acknowledges the multiple DoS vulnerabilities involving the manipulation of TCP state table information. The vulnerabilities were presented by Robert E. Lee and Jack Louis of Outpost24, according to Cisco in the security response. Cisco says the TCP vulnerabilities reported by Outpost24 are an extension of well-known weaknesses in the protocol and that an attacker must complete a TCP three-way handshake to a device to successfully exploit the DoS vulnerabilities. The company says it is possible to mitigate the risk of these vulnerabilities by allowing only trusted sources to access TCP-based services. More info at Cisco's Web site.

More Cisco Security Responses

More Cisco Security Alerts

More from Cisco Subnet:Cisco refreshes CCIE security lab examCisco Attendant Console end-of-sale announcementVegas casino networked slot machines with Cisco EthernetCisco training intitiative aims to develop CCIE talent in IndiaCisco channel partners can now shave up to 61% off talent recruiting costsCatching USB data thievesInsider’s view on how to decide what Cisco code versions to run



Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more.


Copyright © 2008 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022