Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cisco Focuses on IPS Flaw

Cisco Systems Inc. (Nasdaq: CSCO) has highlighted a security flaw in its Intrusion Prevention System (IPS) technology that could potentially leave users systems open to attack.

A note issued by the networking giant this week identified the vulnerability in the CiscoWorks Management Center for IDS Sensors (known as IDSMC), a software agent that configures and manages signatures for Cisco's IPS and Intrusion Detection Sensor (IDS).

A separate, but related, product, Monitoring Center for Security (known as Security Monitor), which provides reporting capabilities for network devices, is also affected.

According to the vendor, an attacker could "spoof" IDS or IPS by exploiting a vulnerability in IDSMC and Security Monitor that checks the Secure Sockets Layer (SSL) certificates used for authentication. However, the company says that not all versions of IDSMC and Security Monitor are affected.

Cisco admits that if the vulnerability is exploited, an attacker may be able to gather login information, submit false data, or even filter information from the IDSMC and Security Monitor.

  • 1