Cisco Admits No Current Patch For VPN Concentrators IKE-Based Vulnerability Leads To Denial Of Service Attacks

By klsh on September 27, 2006 3:38 PM | | Comments (0)

This has been festering for more than a year. For the money Cisco needs to get on the ball and write the patch!

The vulnerability allows an attacker without authentication to exhaust the IKE resources on a device by bombarding it with requests. The device will fail after as little as a few hundred requests, meaning a hacker would not mean a huge amount of processing power.

Networks have no defence against Cisco vulnerability - Comms News - Communications News

On Monday Cisco admitted that it could offer no patch for a vulnerability in its VPN concentrators.

The IKE-based vulnerability could lead to denial of service attacks on the Concentrators, meaning remote staff would be unable to access their corporate network.

Leave a comment

About this Entry

This page contains a single entry by klsh published on September 27, 2006 3:38 PM.

Setting Up An OpenVPN For Virtual Private Network Access Via Secure Tunnel was the previous entry in this blog.

Tips And Tricks For OPNET's ITGuru Application Characterization Environment (ACE); Also known as Cisco Application Analysis Solution ACE Module is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Powered by Movable Type 4.01

Search