Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Confirmed Cisco vulnerability

Confirmed Cisco vulnerability

by Nikola Strahija on February 9th, 2006 Eldon Sprickerhoff, the security expert who presented the Cisco VPN vulnerability, states that all versions of Cisco VPN concentrators running WebVPN are vulnerable.


The exploit was confirmed on Friday, when Sprickerhoff successfully launched a DoS attack on a test installation of the concentrator running the problematic patch.

The flaw is triggered by a relatively small stream directed to TCP/80 which causes the concentrator running the webVPN service to drop all its connections.

-Cisco has been contacted by Eldon Sprickerhoff with additional information about our recent Cisco VPN 3000 Series Concentrator security advisory. As a result, the Cisco product security incident response team (PSIRT) has been working directly with Mr. Sprickerhoff on this issue. Cisco PSIRT is still investigating this issue with additional research and testing and expect to update the security advisory accordingly and as necessary. Customers should take the recommended steps as outlined in the current security advisory to protect themselves from the potential impact of this vulnerability, said Cisco in its advisory.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »