Home > Wide Area Network (WAN) News > Brief: Cisco discloses VPN Concentrator flaw
Wide Area Network (WAN) News:
EMAIL THIS

Brief: Cisco discloses VPN Concentrator flaw

By Eric B. Parizo, News Editor
31 Mar 2005 | SearchNetworking.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Cisco Systems Inc. on Wednesday published a security advisory warning that its VPN Concentrator 3000 may be vulnerable to a denial-of-service (DoS) attack.

The flaw, which has been categorized as "less critical" by third-party security information provider Secunia, may be exploited by malicious users by sending a specially crafted Secure Sockets Layer (SSL) attack to the concentrators, which could in turn force the device to reload or drop user connections.

Several 3000 series models are affected, including 3005, 3015, 3020, 3030, 3060 and 3080, as well as the Cisco VPN 3002 Hardware Client.

According to the networking giant, the vulnerability can be resolved by upgrading to software version 4.1.7.B or later.

Additionally, the issue can be mitigated by disabling HTTPS, or by blocking SSL connections to a concentrator using transit access control lists.

Sound Off! -  


Tags: VPN setup and configurationVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
VPN setup and configuration
Determining efficient VPN solutions, encryption options
VPN, remote access security best practices
Determining IPsec tunneling, bandwidth capacity
Changing established VPN router crypto map for new encryption traffic
GRE tunnel vs. IPsec tunnel: What is the difference?
Using NAT Traversal and IPsec Passthrough together
Broadband VPN bandwidth issues
Trouble connecting to the VPN: Static and dynamic IP address issues
VPN operating system interoperability -- Configure VPNs with Windows, Checkpoint
VPN operating system interoperability -- Configure VPNs with Linux

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Network Address Translation  (SearchEnterpriseWAN.com)
tunneling  (SearchEnterpriseWAN.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts