Cisco Systems has addressed flaws in its Adaptive Security
Appliance (ASA) and PIX security appliances that attackers could
exploit to cause a denial of service or bypass authentication.
The networking giant said the flaws include two Lightweight
Directory Access Protocol (LDAP) authentication bypass
vulnerabilities and two denial-of-service vulnerabilities. Cisco PIX
and ASA appliances provide firewall, intrusion detection, VPN and
secure connectivity services.
"The LDAP authentication bypass vulnerabilities are caused by a
specific processing path followed when the device is set up to use
a LDAP authentication server," Cisco said in an advisory. "These
vulnerabilities may allow unauthenticated users to access either
the internal network or the device itself."
The two denial-of-service flaws may be triggered when devices
terminate VPNs, the vendor added. These denial-of-service
vulnerabilities may allow an attacker to disconnect VPN users,
prevent new connections or prevent the device from transmitting
traffic.
"These vulnerabilities are distributed in the authentication,
IPSec VPN, and SSL VPN code," Cisco said, adding that it has
released free software to fix the flaws.
The flaws are serious enough that the United States Computer
Emergency Readiness Team (US-CERT) released its own advisory,
warning that a remote attacker could gain unauthorized access to the
internal network or firewall.
Antivirus giant Symantec also issued a warning to customers of
its DeepSight threat management service, saying that to exploit any
of these issues, an attacker scans for and locates a vulnerable
device. To exploit a denial-of-service vulnerability, the attacker
constructs specially crafted network data that can trigger the
issue, and then sends it to the affected device. When the data is
received and processed by the affected device, it will cause the
device to reload, Symantec added.
To exploit the authentication-bypass vulnerability, Symantec
said the attacker can construct malicious network traffic and send
it to the affected device, bypassing its authentication
mechanism.