Aussie researchers discover Cisco vulnerabilities
By Byron Connolly, Apr 20, 2006 2:59 PM
Australian IT security consultancy Assurance.com.au claims it has taken Cisco almost three months to patch two vulnerabilities which affect the security of several of its products.
Assurance director, Adam Pointon, says researchers from the company discovered the vulnerabilities when testing a Cisco Wireless LAN Solution Engine at a customer site on January 29.
He said the flaws were reported at the time of discovery, yet Cisco had rectified them as at 1am this morning.
“It did take a while [for a fix],” Pointon said, conceding that Cisco did respond straight away to Assurance's alert to the company on January 29.
Of the two vulnerabilities, he said the most serious was the “show command line interface” vulnerability, which would allow a rogue administrator of a Cisco device to “break out” of Cisco’s restricted management interface and gain privileged access to the underlying Linux-based operating system.
“It’s possible for a rogue administrator to access the underlying operating system by typing one specifically crafted command into Cisco’s restricted, text-based management interface,” Pointon said.
Products affected include the Cisco Wireless LAN Solution Engine (WLSE), Cisco User Registration Tool (URT), CiscoWorks2000 Service Management Solution (SMS), Cisco Hosting Solution Engine (HSE), Ethernet Subscriber Solution Engine (ESSE), Cisco VLAN Policy Server (VPS), Cisco Management Engine (ME1100 Series) and CiscoWorks Service Level Manager (SLM).
Cisco advised Assurance that the ESSE and SMS carrier-class products were “end of life” and would not be patched, Pointon said. Customers using these products would need to request a fix through customer support.
Neal Wise, another director at Assurance, added that companies needed to understand that devices installed on their networks could provide more than their designed functions if compromised by an attacker.
“If they are not correctly maintained they could become a serious liability to the enterprise,” he said. “They need to be kept as secure as any other network attached computer.”
Assurance also found problems in March last year in an anti-spam and firewall product manufactured by Barracuda Networks, Pointon said. That fix took 29 days to be produced.
Cisco’s response to the finding is posted here: http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml#response