Sunday, June 15, 2008

Flaws in the Cisco PIX appliances

Via NetworkWorld (emphasis added):

  • Crafted TCP ACK Packet Vulnerability
  • Crafted TLS Packet Vulnerability
  • Instant Messenger Inspection Vulnerability
  • Vulnerability Scan Denial of Service
  • Control-plane Access Control List Vulnerability

The first four vulnerabilities may lead to a denial of service (DoS) condition and the fifth vulnerability may allow an attacker to bypass control-plane access control lists (ACL). Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another.

I don't know what I'm scared of more: the fact that these types of vulnerabilities exist in devices which should enforce some basic separation between networks or the fact that they have a feature called Instant Messenger Inspection?

