McAfee Raises Attention About Cisco Flaws

McAfee AVERT, the research division of anti-virus vendor Network Associates, Thursday unveiled a comprehensive system and network protection against 10 Cisco Systems vulnerabilities attacked by a new hacking toolkit.

April 3, 2004

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

McAfee AVERT, the research division of anti-virus vendor Network Associates, Thursday unveiled a comprehensive system and network protection against 10 Cisco Systems vulnerabilities attacked by a new hacking toolkit.

The attack toolkit, named "CISCO Global Exploiter," has been made available across the Internet, and allows anyone to launch attacks exploiting weaknesses against any vulnerable Cisco OIS devices.

According to Vincent Gullato, vice president of McAfee AVERT, the Cisco vulnerabilities present hackers with a range of options, from causing denial-of-service attacks to bypassing authentication and executing malicious code on the device.

"When you're operating in an environment that has no integrity with regard to criminal activity, it's difficult to really grasp and believe a majority of what you hear and read," Gullato said. "With the information we can give, we hope it will provide [enterprise customers and resellers] with better protection."

Toward that aim, McAfee AVERT experts recommended users look into the following product vulnerabilities:

  • Cisco 677/678 Telnet Buffer Overflow Vulnerability

  • Cisco OIS Router Denial of Service Vulnerability

  • Cisco OIS HTTP Authentication Vulnerability

  • Cisco OIS HTTP Configuration Arbitrary Administrative Access Vulnerability

  • Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability

  • Cisco 675 Web Administration Denial of Service Vulnerability

  • Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability

  • Cisco IOS Software HTTP Request Denial of Service Vulnerability

  • Cisco 514 UDP Flood Denial of Service Vulnerability

  • CiscoSecure ACS Vulnerability

Cisco was not immediately available for comment.

Article appears courtesy of CRN.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights