Cisco, vendors scramble to fix VPN vulnerablities

By

A vulnerability in virtual private networks (VPNs) from several large vendors could leave large parts of the internet open to denial of service attacks, numerous software companies warned Tuesday.

Scientists at Finland's University of Oulu first warned of the vulnerabilities to products from Cisco, Juniper, 3Com and other companies on Monday.


A joint advisory from the Finnish Communications Regulatory Authority and the British National Infrastructure Security Coordination Center said Tuesday that users should seek fixes from their vendors for this weakness.

"These flaws may expose denial of service conditions, format string vulnerabilities and buffer overflows," the advisory warned. "In some cases, it may be possible for an attacker to execute code." Cisco also warned users on Tuesday, saying it affected versions of its PIX Firewall, IOS and VPN 3000 Series Concentrators.

"Successful exploitation of the vulnerability on the Cisco MDS Series may result in the restart of the (internet key exchange) process," the vendor warned. "All other Cisco MDS device operations will continue normally."

www.niscc.gov.uk
www.cisco.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?