Flaws in the Cisco PIX appliances


Via NetworkWorld (emphasis added):

  • Crafted TCP ACK Packet Vulnerability
  • Crafted TLS Packet Vulnerability
  • Instant Messenger Inspection Vulnerability
  • Vulnerability Scan Denial of Service
  • Control-plane Access Control List Vulnerability

The first four vulnerabilities may lead to a denial of service (DoS) condition and the fifth vulnerability may allow an attacker to bypass control-plane access control lists (ACL). Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another.

I don’t know what I’m scared of more: the fact that these types of vulnerabilities exists in devices which should enforce some basic separation between networks or the fact that they have a feature called Instant Messenger Inspection?


Leave a Reply

Your email address will not be published. Required fields are marked *