Simon Bullen’s Weblog

NETWORKS HAVE NO DEFENCE AGAINST CISCO VULNERABILITY
So says the man who found it. Cisco has no patch either.
Network managers have no defence against an unpatchable flaw in Cisco’s security equipment, according to the person who found the flaw.
On Monday Cisco admitted that it could offer no patch for a vulnerability in its VPN concentrators.
The IKE-based vulnerability could lead to denial-of-service attacks on the concentrators, meaning remote staff would be unable to access their corporate network.
The flaw was identified a year ago by penetration tester Roy Hills. He revealed the vulnerability late last week because Cisco had made no progress in protecting its customers.
Communications News asked Hills whether businesses could protect their networks from the vulnerability. Hills said, “It is a bit difficult – you need IKE for people to connect! It’s a matter of waiting for Cisco to come up with a fix.”