Cisco Focuses on IPS Flaw

Cisco Systems Inc. (Nasdaq: CSCO) has highlighted a security flaw in its Intrusion Prevention System (IPS) technology that could potentially leave users systems open to attack.

A note issued by the networking giant this week identified the vulnerability in the CiscoWorks Management Center for IDS Sensors (known as IDSMC), a software agent that configures and manages signatures for Cisco's IPS and Intrusion Detection Sensor (IDS).

A separate, but related, product, Monitoring Center for Security (known as Security Monitor), which provides reporting capabilities for network devices, is also affected.

According to the vendor, an attacker could "spoof" IDS or IPS by exploiting a vulnerability in IDSMC and Security Monitor that checks the Secure Sockets Layer (SSL) certificates used for authentication. However, the company says that not all versions of IDSMC and Security Monitor are affected.

Cisco admits that if the vulnerability is exploited, an attacker may be able to gather login information, submit false data, or even filter information from the IDSMC and Security Monitor.The vendor has already made free software available to address this vulnerability, according to the note on its website.

Security issues have kept Cisco in the headlines recently. Earlier this month, the company reset user passwords on its Website in response to a potential vulnerability (see Cisco Passwords Get Makeover).

This followed a kerfuffle at the recent Black Hat Briefings for the hacker community, when a security researcher revealed a flaw in Cisco’s IOS technology (see Cisco Faces Security Flap and Cisco Reveals 'Black Hat' Flaw).

More information about the IPS vulnerability is available on: http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_security_advisory09186a00804fa92e.shtml#summary.

— James Rogers, Site Editor, Next-Gen Data Center Forum0