Cisco Warns Of Vulnerability In VPN Device - InformationWeek


The vulnerability in the VPN 3000 Series concentrators could allow malicious users to launch a denial-of-service attack.

Cisco Systems on Friday released a security advisory about its VPN 3000 Series concentrators. The devices have a vulnerability that could allow a malicious user to send a crafted HTTP packet that results in a denial of service.

Cisco has made free software available to address the vulnerability for affected customers, and has provided workarounds. HTTP, which serves the Web-based management interface, is enabled by default on the VPN 3000 concentrators, but Cisco recommends disabling it to mitigate the vulnerability. With HTTP disabled, the concentrator can be configured to use HTTPS (HyperText Transfer Protocol Secure). HTTPS must be enabled before HTTP is disabled.

VPN 3000 concentrators running versions 4.7.0 through 4.7.2.A of the equipment's software are affected by this vulnerability. Earlier software versions are not affected.

Such vulnerabilities in Cisco VPN equipment have been discovered before, but customers should always make sure they are up to date on the latest patches and workarounds, said Tom Duffy, president and CEO of igxglobal, a Rock Hill, Conn.-based network security solution provider.

"They should check their systems anytime a patch is issued," Duffy said.

To help customers with these types of vulnerabilities, igxglobal sends out a daily security brief that alerts them to the potential risk and what to do to patch their systems, Duffy said. However, not all customers pay attention to these warnings, he added.

"It's a challenge for us sometimes with companies that put their head in the sand," Duffy said.
