Network News

X My Profile
View More Activity

Cisco Warns of Flaw in Routers

Cisco Systems Inc. today issued an alert warning of a serious security flaw in many of its Internet routers, pricey devices that direct a large portion of the world's Web and e-mail traffic. Cisco said attackers could use the flaw to seize control over vulnerable routers.

I don't see this advisory mentioned anywhere else on the Web at the moment. Cisco's write-up indicates that the available workaround and/or patch depends on what version of the product an organization is using. Cisco says the problem resides in routers configured to use its "firewall authentication proxy" feature, which lets network administrators specify rules about what types of traffic should be allowed through the firewall on a per-user basis.

Russ Cooper, senior information security analyst at Cybertrust, said that flaw will mostly affect universities and smaller ISPs that provide dial-up Internet services.

"There's probably some routers out there configured to do this, but I'd be surprised if they were on business networks," Cooper said.

I'll file an update when I learn more about the seriousness of the threat posed by this flaw. Symantec Corp. just elevated its ThreatCon a notch from 1 to 2 because of this vulnerability.

By Brian Krebs  |  September 7, 2005; 2:53 PM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Cisco Warns of Flaw in Routers
Next: Cisco Warns of Flaw in Routers

Comments

Your page loads incorrectly, with the result that the section that belongs at the bottom of the page lands in the upper middle, overlaying the article, rendering reading it extremely difficlut.

Posted by: A.. L. B. | September 8, 2005 11:58 AM | Report abuse

AIB - What browser are you using? Can you drop me a line with info on how to contact you?

Tx

Posted by: Brian Krebs | September 8, 2005 12:29 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company