Monday October 13, 2008 10:57 PM AEST

SC Magazine Australia/NZ > News > Vulnerabilities & Exploits > Web > Cisco warns of more router vulnerabilities

Vulnerability Alerts

SANS

Microsoft

Microsoft Security Bulletin Advance Notification for October 2008
Microsoft Security Advisory (951306): Vulnerability in Windows Could Allow Elevation of Privilege

CERT/CC

Latest Comments

"very good"

on Akonix RogueAware

by abc | Oct 13, 2008 7:42 PM

"It sounds very good if it lives up to the statements"

on Kaspersky sends SOS to crack 1024 bit encryption key

by John Williams | Oct 11, 2008 11:57 AM

"Any good log system is going to be modular (separate from the web site itself), and more than ..."

on Popular porn site hacked by prudes

by Russ | Oct 9, 2008 7:21 PM

"Good"

on Yahoo patches Messenger ActiveX control flaws

by Francis Ayitey | Oct 6, 2008 10:48 AM

"With regard to the battle against cybercrime, Kaspersky Labs, the creator of the famous and ..."

on Eugene Kaspersky on the cybercrime arms race

by Mr. Anonymous | Oct 4, 2008 9:08 AM

Web

Cisco warns of more router vulnerabilities

According to a company advisory issued Tuesday, the IPS component of Cisco’s IOS (internetworking operating system), the more serious of the two flaws may allow malicious traffic to be delivered as IP packets to bypass signature detection.

"This could allow protected systems to be covertly attacked," the advisory said.

The other vulnerability could lead to a DoS condition and a system crash if certain network traffic uses the "regular expression feature of the ATOMIC.TCP signature engine."

Vulnerability tracking firm Secunia rated the two bugs "moderately critical" today.

In lieu of a patch, Cisco said there is a mitigation and workaround, respectively, for the two vulnerabilities.

The IPS detects for and attempts to block malicious traffic in real time. IOS software is largely used in Cisco routers and switches. The vulnerable IOS versions are 12.3 and 12.4.

Cisco also reported today numerous vulnerabilities impacting its PIX (private internet exchange), ASA (adaptive security appliance), and FWSM (firewall services module) products. Only one of the flaws could lead to the remote execution of code, the company said in another advisory.

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Report this comment as offensive:

* Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Most Read
Most Discussed
Latest News

Vulnerabilities & Exploits Whitepapers

Cisco warns of more router vulnerabilities

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management