December 16, IDG News Service
Cisco issued two security advisories on Monday, December 15.
Certain versions of the PIX firewall can be crashed and restarted in a denial of service (DoS) attack when they receive messages using the SNMP version 3 (SNMPv3) protocol. An SNMP server must be defined for the Cisco firewall in order for SNMPv3 attack to succeed, Cisco said: http://www.cisco.com/warp/public/707/cisco−sa−20031215−pix.s html.
Catalyst switches running the Cisco Firewall Services Module (FWSM) are also vulnerable to DoS attacks using SNMPv3. A buffer overflow vulnerability discovered in the FWSM could allow a malicious hacker using either RADIUS (Remote Authentication Dial−In User Service ) or TACACS+ (Terminal Access Controller Access Control System) to crash a Cisco firewall with a user authentication request sent using HTTP, Cisco said: http://www.cisco.com/warp/public/707/cisco−sa−20031215−fwsm. shtml. PIX firewalls running software versions 6.3.1, 6.2.2 and earlier, version 6.1.4 and earlier and version 5.x.x and earlier are all vulnerable to the SNMPv3 security hole, as are Catalyst 6500 and 7600 series switches running FWSM software up to and including version 1.1.2. Catalyst switches running FWSM software up to and including version 1.1.2 are also vulnerable to the HTTP authentication vulnerability.
Source: http://www.infoworld.com/article/03/12/16/HNciscopix_1.html
Cisco issued two security advisories on Monday, December 15.
Certain versions of the PIX firewall can be crashed and restarted in a denial of service (DoS) attack when they receive messages using the SNMP version 3 (SNMPv3) protocol. An SNMP server must be defined for the Cisco firewall in order for SNMPv3 attack to succeed, Cisco said: http://www.cisco.com/warp/public/707/cisco−sa−20031215−pix.s html.
Catalyst switches running the Cisco Firewall Services Module (FWSM) are also vulnerable to DoS attacks using SNMPv3. A buffer overflow vulnerability discovered in the FWSM could allow a malicious hacker using either RADIUS (Remote Authentication Dial−In User Service ) or TACACS+ (Terminal Access Controller Access Control System) to crash a Cisco firewall with a user authentication request sent using HTTP, Cisco said: http://www.cisco.com/warp/public/707/cisco−sa−20031215−fwsm. shtml. PIX firewalls running software versions 6.3.1, 6.2.2 and earlier, version 6.1.4 and earlier and version 5.x.x and earlier are all vulnerable to the SNMPv3 security hole, as are Catalyst 6500 and 7600 series switches running FWSM software up to and including version 1.1.2. Catalyst switches running FWSM software up to and including version 1.1.2 are also vulnerable to the HTTP authentication vulnerability.
Source: http://www.infoworld.com/article/03/12/16/HNciscopix_1.html