Cisco Warns of ASA, PIX Flaws
- By Stephen Swoyer
- September 09, 2008
Cisco Systems Inc. last week warned
of multiple vulnerabilities
in its Cisco ASA 5500 Series and Cisco PIX security
appliances that could trigger denial of service (DoS) or result in information
Cisco identified five flaws, all of which are independent of one another.
An attacker who successfully exploits four of the new issues -- an erroneous
SIP processing vulnerability, an IPSec client authentication processing vulnerability,
an SSL VPN memory leak vulnerability or an SSL VPN URI processing error vulnerability
-- can trigger a device reboot. An attacker who repeatedly causes a device to
reboot can effect a DoS attack, Cisco warned.
The information disclosure vulnerability stems from a flaw in the way in which
the affected Cisco devices handle clientless SSL VPN sessions. An attacker who
successfully exploits this vulnerability could obtain user and group credentials,
assuming that he or she somehow turns up a "rogue system or document."
The vulnerabilities were privately reported by customers, according to Cisco.
Cisco has released software updates for both its ASA
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.