Brief: Cisco discloses VPN Concentrator flaw

Home
Topics
VPNs and WAN Security
VPN setup and configuration
Brief: Cisco discloses VPN Concentrator flaw

Article

Brief: Cisco discloses VPN Concentrator flaw

Eric B. Parizo, News Editor

Cisco Systems Inc. on Wednesday published a security advisory warning that its VPN Concentrator 3000 may be vulnerable to a denial-of-service (DoS) attack.

The flaw, which has been categorized as "less critical" by third-party security information provider Secunia,

Requires Free Membership to View

Login

SearchEnterpriseWAN.com members gain immediate and unlimited access to breaking industry news, best practices for designing and managing Wide Area Networks, WAN Security, and more -- all at no cost. Join me on SearchEnterpriseWAN.com today!

Kate Gerwig, Editorial Director

By submitting your registration information to SearchEnterpriseWAN.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseWAN.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

may be exploited by malicious users by sending a specially crafted Secure Sockets Layer (SSL) attack to the concentrators, which could in turn force the device to reload or drop user connections.

Several 3000 series models are affected, including 3005, 3015, 3020, 3030, 3060 and 3080, as well as the Cisco VPN 3002 Hardware Client.

According to the networking giant, the vulnerability can be resolved by upgrading to software version 4.1.7.B or later.

Additionally, the issue can be mitigated by disabling HTTPS, or by blocking SSL connections to a concentrator using transit access control lists.

Related Topics: VPN setup and configuration, VIEW ALL TAGS

Dig Deeper

People who read this also read...

Related glossary terms

Terms for Whatis.com - the technology online dictionary

Show me more

More from Related TechTarget Sites

Networking
Mobile Computing
Telecom
Unified Communications
Networking Channel
Networking UK
Data Backup

Networking
- Taking WPS attack precautions can reduce unauthorized WLAN access
  
  Admins should take WPS attack precautions to avoid unauthorized WLAN access, yet understanding the WPS protocol and its own vulnerabilities is key to complete network protection.
- Integrating Juniper QFabric into your existing data center network
  
  In this video, learn how to integrate Juniper QFabric into existing data center architecture, taking into account the issues that can be associated with the technology.
- Wireless intrusion prevention system smartens school district Wi-Fi
  
  With AirMagnet’s wireless intrusion prevention system and RF spectrum analysis, a large school district improved wireless LAN security and solved Wi-Fi interference problems.
Mobile Computing
- Bringing BYOD to your enterprise
  
  Bring your own device (BYOD) can be a boon for both employees and enterprises, but clear policies and management tools are needed.
- Meeting technical requirements for mobile health care deployments
  
  IT departments deploying mobile health care solutions must ensure that using mobile devices in health care settings doesn't violate federal laws or compromise security.
- Making the call: Distributed antenna systems and in-building wireless
  
  Distributed antenna systems and in-building wireless solutions are two options to improve wireless cellular coverage within an enterprise facility.
Telecom
- Smartphone adoption spurs advanced services demand in Latin America
  
  Latin American smartphone adoption is more robust than North America's, and the consumers are more mobile-friendly than their peers in developed economies.
- Need for wireless network upgrade is key AT&T/T-Mobile driver
  
  Rising demand for high-quality network service delivery will require operators to undertake a massive wireless network upgrade, driving deals like the AT&T/T-Mobile acquisition.
- Video: ACG Research dissects telecom routing and switching market
  
  In this ACG Research HotSeat video, Managing Partner Ray Mota gives viewers a quarterly update on the telecom service provider routing and switching market.
Unified Communications
- SIP Forum to showcase SIP trunking interoperability for enterprises
  
  The SIP Forum has announced SIPconnect-IT, a live testing initiative for SIP trunking interoperability, which could lower SIP trunking costs and complexity.
- TCO metrics key, but complex in IP telephony systems deployment
  
  Total cost of ownership (TCO) metrics for new IP telephony systems are often overlooked by enterprises, according to a new study, but other factors rank high in importance.
- Avaya introduces iPad mobile UC appliation as mobility interest grows
  
  With mobile unified communications a major priority for enterprises in 2012, Avaya has launched a mobile UC product for the iPad.
Networking Channel
- Cisco Live London: 40 and 100 GbE switching and souped up WLAN
  
  At Cisco Live London, Cisco debuted 40 and 100 GbE line cards for Nexus and Catalyst switching lines, as well as a 4-antenna wireless access point meant to soup up the WLAN.
- Selling public sector IT solutions forces partners to do some homework
  
  The need for public sector IT solutions is growing due to developing network activity, but can partners must be ready to commit to longer sales cycles and other complications.
- IT asset disposal services offer secure data removal and piece of mind
  
  Channel partners can offer Ingram Micro’s IT asset disposal services to provide customers with secure data removal while remaining environmentally friendly by recycling devices.
Networking UK
- Cisco Live London: 40 and 100 GbE, souped up WLAN
  
  At Cisco Live London, Cisco launched 40 and 100 GbE switching, a souped-up 4-antenna WLAN access point, and a host of network virtualisation technologies.
- UK Networkers should gear up for mobility implementations in 2012
  
  Companies are rethinking legacy tools to take advantage of what users get from having access to data and applications across all kinds of devices, according to TechTarget’s 2012 IT Priorities Survey.
- Cloud gets vote of confidence from UK buyers in 2012 IT priorities
  
  The cloud is set to be a key investment area for UK buyers in 2012 with 30.5% of IT buyers pledging to spend on the technology, according to TechTarget’s 2012 IT Priorities Survey.
searchDataBackup
- Microsoft backup challenges, solutions, and best practices
  
  Whether you’re new to Microsoft backup or just want to learn ways to improve your processes, you’ll want to check out our latest Microsoft backup content.
- Symantec backup applications get makeovers for speed, VMs
  
  Symantec enhances backup applications NetBackup and Backup Exec: adding speed, search and NetApp integration to NetBackup and better virtual backup to Backup Exec.
- CommVault addresses mobile and laptop data backup, 'big data' backup
  
  CommVault enhances Simpana 9 with remote laptop data backup and a better way of backing up ‘big data’ repositories.

All Rights Reserved, Copyright 2009 - 2012, TechTarget