Cisco, vendors scramble to fix VPN vulnerablities

By

A vulnerability in virtual private networks (VPNs) from several large vendors could leave large parts of the internet open to denial of service attacks, numerous software companies warned Tuesday.

Scientists at Finland's University of Oulu first warned of the vulnerabilities to products from Cisco, Juniper, 3Com and other companies on Monday.


A joint advisory from the Finnish Communications Regulatory Authority and the British National Infrastructure Security Coordination Center said Tuesday that users should seek fixes from their vendors for this weakness.

"These flaws may expose denial of service conditions, format string vulnerabilities and buffer overflows," the advisory warned. "In some cases, it may be possible for an attacker to execute code." Cisco also warned users on Tuesday, saying it affected versions of its PIX Firewall, IOS and VPN 3000 Series Concentrators.

"Successful exploitation of the vulnerability on the Cisco MDS Series may result in the restart of the (internet key exchange) process," the vendor warned. "All other Cisco MDS device operations will continue normally."

www.niscc.gov.uk
www.cisco.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

WestJet probes cyber security incident

WestJet probes cyber security incident

Log In

  |  Forgot your password?