Cisco drops a mega-vulnerability alert for VPN devices [telecom]


Cisco drops a mega-vulnerability alert for VPN devices

By using "crafted XML," attacker could take over routers, security

By Sean Gallagher

On January 29, Cisco released a high-urgency security alert for
customers using network security devices and software that support
virtual private network connections to corporate networks. Firewalls,
security appliances, and other devices configured with WebVPN
clientless VPN software are vulnerable to a Web-based network attack
that could bypass the devices' security, allowing an attacker to run
commands on the devices and gain full control of them. This would give
attackers unfettered access to protected networks or cause the
hardware to reset. The vulnerability has been given a Common
Vulnerability Scoring System rating of Critical, with a score of 10 -
the highest possible on the CVSS scale.
