CertCities.com -- The Ultimate Site for Certified IT Professionals


Cisco Addresses Security Vulnerabilities


4/13/2004 -- It's been a busy week on the security front for Cisco Systems Inc., which disclosed or updated information about three very different vulnerabilities that affect a range of its products.

Last Wednesday, Cisco disclosed a new vulnerability in its Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. WLSE is a management appliance that manages Cisco's Aironet Wireless-Fidelity (Wi-Fi) products, while HSE is a network management appliance for Cisco-based datacenters.

Cisco said that an attacker could exploit the new vulnerability to gain complete control of the devices. Once handed the keys to the kingdom, so to speak, attackers can make changes to a device's configuration, add new users, or change the privileges of existing users. Cisco said that the vulnerability affects WLSE 2.0, 2.0.2, and 2.5, as well as HSE 1.7 through 1.7.3.

The problem can only be fixed by means of a software update patch, which is available here for WLSE and here for HSE.

Elsewhere last week, Cisco announced a new vulnerability in its Cisco IP Security (IPSec) VPN Services Module (VPNSM) that could expose members of its Catalyst switch and router families to denial-of-service (DoS) attacks.

VPNSM is a high-speed module designed to provide IPSec VPN services for Cisco's Catalyst 6500 Series switches and 7600 Series routers. An attacker can exploit a malformed Internet Key Exchange (IKE) packet to cause Catalyst 6500 Series switches or 7600 Series routers (with VPNSM installed, of course) to crash and reload, Cisco said. Customers must download a software fix and patch vulnerable units manually.

Finally, Cisco updated a security notice that it first released in August of 2003, which dealt with the possibility of a dictionary attack exploit of Cisco LEAP, a mutual authentication algorithm that supports dynamic derivation of system keys. Yesterday, Cisco announced the availability of EAP-Flexible Authentication via Secure Tunneling (EAP-FAST), which lets users deploy an 802.1X Extensible Authentication Protocol (EAP) solution that is not vulnerable to dictionary attacks and which does not require the use of digital certificates.  -Stephen Swoyer



There is 1 CertCities.com user comment for “Cisco Addresses Security Vulnerabilities”
4/13/04: Becky Nagel from Editor, CertCities.com and TCPMag.com says: CORRECTION: This story was corrected today at 1:40 P.M PDT to show that WLSE is a management appliance, and is not embedded within Cisco Aironet devices, as previously stated. We apologize for this error.