Cisco Systems is reporting that two of its key security products, the Cisco VPN 3000 Concentrator 
and much of its firewall line, could be vulnerable to attack. The two vulnerability reports and forthcoming patches are unusual for Cisco, which unlike Microsoft, has only issued one other security advisory since the end of May. Cisco even challenged a vulnerability presented at the Black Hat conference last month.
Cisco says it does not know of any attacks yet that exploit the bugs, "although we are aware that some customers have been impacted" by the firewall software bug."
The firewall vulnerability, which was discovered by Terje Bless from Norwegian research house Helse Nord IKT, affects most of Cisco’s product line, including the Cisco PIX 500 Series, the ASA 5500 Series, and the Firewall Services Module embedded in the Catalyst 6500 switches and the 7600 Series routers. The flaw, which involves an automated password change, could allow intruders to access these devices, or it could lock administrators out, the company says. Dark Reading - Cisco - Cisco Reports New Vulnerabilities - Security News Analysis
From around the Web
- Windows Vista Service Pack 2 Latest Release Schedule
- Vista SP2: What is inside?
- NetWitness releases free version of security software
- Three Reasons Why Users Won’t Buy Into Security
- Automated security testing & its limitations
- Google Wants to Preinstall Chrome Browser on PCs
- Mozilla warns of Firefox China add on
- Firefox No Longer an Automatic Defense Against Browser Drive Bys
- Google patches Chrome file stealing bug
- Apple plays catch up, adds anti fraud safeguard to Safari
- Researchers find vulnerability in Windows Vista
- How to Use Network Behavior Analysis Tools
- The insider security threat in IT and financial services
- Windows 7 security: An overall improvement?
- Windows 7 UAC could be less of a nag