Tag: Vunerability
Cisco Vulnerabilities - Its a Big Day
by admin on May.23, 2007, under Networking, Security
There are two major Denial-of-Service (DoS) advisories out today.
Affects:
Cisco Crypto Library Vulnerability
Affects:
Cisco Security Advisory - IPS/IOS
by admin on May.15, 2007, under Networking, Security
The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link:
http://www.kb.cert.org/vuls/id/739224
By encoding attacks using a full-width or half-width unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack systems normally protected by an IPS or firewall.
This response is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml
Vulnerability in Cisco PIX and ASA Appliances
by admin on May.04, 2007, under Networking, Security
Cisco confirms the memory exhaustion vulnerability as per the advisory published by CERT/CC and confirms this vulnerability impacts the PIX and ASA appliance for system software 7.2 only. Exploitation of the vulnerability may lead to a Denial of Service condition against the appliance.
The Firewall Services Module (FWSM) is not affected by this vulnerability.
PSIRT would like to thank Grant Deffenbaugh and Lisa Sittler from the CERT/CC for reporting this vulnerability to Cisco.
We greatly appreciate the opportunity to work with researchers on security vulnerabilities, and welcome the opportunity to review and assist in security vulnerability reports against Cisco products.
