CertCities.com -- The Ultimate Site for Certified IT Professionals
Range of Cisco Products Vulnerable


5/21/2007 -- Cisco Systems Inc. last week warned of a vulnerability that affects its Adaptive Security Appliance (ASA) and PIX Security Appliance, as well as its Cisco Intrusion Prevention System (IPS) and Cisco IOS with Firewall/IPS feature sets.

This flaw is actually common to many IPSes and firewalls. It was first disclosed in a vulnerability note published by US-CERT, which indicated that it's possible for an attacker to camouflage an HTTP-based attack by encoding URLs using half-width or full-width Unicode characters. Firewalls and IPSes perform deep packet inspection on HTTP traffic, to be sure, but many don't properly decode URLs that are encoded by means of this method. As a result, US-CERT warned, they might fail to recognize potentially harmful URLs.

In Cisco's case, its affected products can decode full-width and half-width Unicode characters -- although certain characters aren't decoded properly, Cisco warned.

The good news, Cisco says, is that none of its affected products can actually be compromised by such an attack; such products might, however, fail in their primary purpose -- namely, to detect attacks (in this case, an HTTP-based attack) against infrastructure assets.

That's the good news. The bad news is that Cisco hasn't yet developed a fix to address this flaw. Software updates are in the works and will be made available to customers once they're ready, Cisco says. --Stephen Swoyer
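The decoding gap described in the US-CERT note can be closed on the inspection side by canonicalizing a request path before any signature is compared against it. The sketch below is an added example, not Cisco's or US-CERT's code; the signature list, function names and sample paths are assumptions constructed for illustration, and the `%uXXXX` form is a non-standard escape that some web servers accept.

```python
import re
import unicodedata

# %uXXXX (non-standard escape accepted by some servers) or a run of %XX bytes.
_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})|((?:%[0-9a-fA-F]{2})+)")
# Unicode "Halfwidth and Fullwidth Forms" block.
_WIDTH_FORMS = re.compile(r"[\uff00-\uffef]")

# Hypothetical signature list; a real sensor has its own rule set.
SIGNATURES = ("/admin/", "/cgi-bin/")


def decode_once(raw_path: str) -> str:
    """Decode URL escapes in a single pass, so decoded output is never re-decoded."""
    def repl(m):
        if m.group(1):
            return chr(int(m.group(1), 16))
        raw = bytes.fromhex(m.group(2).replace("%", ""))
        return raw.decode("utf-8", errors="replace")
    return _ESCAPE.sub(repl, raw_path)


def inspect(raw_path: str) -> dict:
    """Compare signature matching on the raw path with matching on the canonical form."""
    decoded = decode_once(raw_path)
    # NFKC folds full-width and half-width forms to their ordinary equivalents.
    canonical = unicodedata.normalize("NFKC", decoded).lower()
    return {
        "naive_match": [s for s in SIGNATURES if s in raw_path.lower()],
        "canonical": canonical,
        "matched": [s for s in SIGNATURES if s in canonical],
        # Width variants in a URL path are rare in ordinary traffic; worth logging.
        "width_forms": bool(_WIDTH_FORMS.search(decoded)),
    }


# Constructed sample request paths (not taken from any real traffic).
SAMPLES = [
    "/admin/login",
    "/%uFF41dmin/login",      # full-width 'a' as a %u escape
    "/%EF%BD%81dmin/login",   # the same character as percent-encoded UTF-8
    "/index.html",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(path, inspect(path))
```

The `width_forms` flag is useful on its own as a detection signal, since a sensor that cannot normalize can still alert on the presence of these characters in a URL.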


