News

Cisco acknowledges, plugs IOS hole

Bill Brenner

For the second time in less than a week, Cisco Systems is acknowledging a flaw in its security products. The latest problem is that digital miscreants could exploit an unpatched flaw in Cisco's Intrusion Prevention

Requires Free Membership to View

System (IPS) and Internetwork Operating System (IOS) with Firewall/IPS Feature Set to evade security restrictions and launch attacks. But unlike last week's IOS issue, this one hasn't been patched yet.

The flaw was also reported by the United States Computer Emergency Readiness Team (US-CERT) and originally discovered by researchers Fatih Ozavci and Caglar Cakici of Turkish security firm GamaSEC. The researchers discovered that online outlaws could evade Cisco's IPS and firewall to secretly scan and attack targeted systems by encoding their attacks with a full-width or half-width unicode character set.

No fix or workaround is currently available, Danish vulnerability clearinghouse Secunia noted in its advisory on the flaw.

The specific product versions affected by the flaw are Cisco Intrusion Prevention System (IPS) versions 4 and 5, and IOS versions 10, 11 and 12.

Last week, Cisco fixed a pair of flaws in its Internetwork Operating System (IOS) that attackers could exploit to cause a denial of service or tamper with data in a device's file system.

In that case, the IOS was improperly verifying user credentials within the FTP server. Remote attackers could exploit this to "bypass the authentication process and retrieve or write any file from the device file system (including the configuration file)," the networking giant warned. Also, an error in the FTP server surfaces when certain files are transferred. Remote attackers could use the error to cause a vulnerable device to reload, creating a denial-of-service condition.

The flaws affected Cisco IOS versions 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4.