McAfee AVERT Raises Attention To Cisco Flaws
The attack toolkit, named "CISCO Global Exploiter," has been made available across the Internet, and allows anyone to launch attacks exploiting weaknesses against any vulnerable Cisco OIS devices.
According to Vincent Gullato, vice president of McAfee AVERT, the Cisco vulnerabilities present hackers with a range of options, from causing denial-of-service attacks to bypassing authentication and executing malicious code on the device.
"When you're operating in an environment that has no integrity with regard to criminal activity, it's difficult to really grasp and believe a majority of what you hear and read," Gullato said. "With the information we can give, we hope it will provide [enterprise customers and resellers] with better protection."
Toward that aim, McAfee AVERT experts recommended users look into the following product vulnerabilities:
- Cisco 677/678 Telnet Buffer Overflow Vulnerability
- Cisco OIS Router Denial of Service Vulnerability
- Cisco OIS HTTP Authentication Vulnerability
- Cisco OIS HTTP Configuration Arbitrary Administrative Access Vulnerability
- Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
- Cisco 675 Web Administration Denial of Service Vulnerability
- Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability
- Cisco IOS Software HTTP Request Denial of Service Vulnerability
- Cisco 514 UDP Flood Denial of Service Vulnerability
- CiscoSecure ACS Vulnerability
Cisco was not immediately available for comment.