US-CERT: Cisco not the only victim of Unicode flaw



Bill Brenner, Senior News Writer

Updated May 16 to include other vendors affected by the Unicode vulnerability.

For the second time in less than a week, Cisco Systems is acknowledging a flaw in its security products. The latest problem is that digital miscreants could exploit an unpatched flaw in Cisco's Intrusion Prevention System (IPS) and Internetwork Operating System (IOS) with Firewall/IPS Feature Set to evade security restrictions and launch attacks. But unlike last week's IOS issue, this one hasn't been patched yet.

Cisco is not the only vendor affected. Researchers believe more than 90 security tools from different vendors may be at risk, and 3Com Corp.'s TippingPoint division has confirmed it is among those affected.

The flaw was reported by the United States Computer Emergency Readiness Team (US-CERT) and originally discovered by researchers Fatih Ozavci and Caglar Cakici of Turkish security firm GamaSec. The researchers discovered that online outlaws could evade Cisco's IPS and firewall to secretly scan and attack targeted systems by encoding their attacks with a full-width or half-width Unicode character set.
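The class of problem described above can be seen in a small detection sketch, added here as an illustration; it is not code from Cisco, US-CERT or the researchers, and it is not a fix for the affected products. It assumes a hypothetical signature list and constructed request lines, and shows a plain substring match missing a signature written in full-width characters until the inspector folds width variants back to their ordinary forms.

```python
import unicodedata

# Hypothetical signature list, constructed for this example.
SIGNATURES = ("cmd.exe", "/etc/passwd")

# Constructed sample request lines (not captured traffic).
SAMPLE_PLAIN = "GET /scripts/cmd.exe HTTP/1.0"
SAMPLE_WIDE = "GET /scripts/\uff43\uff4d\uff44.exe HTTP/1.0"  # "cmd" in full-width forms


def naive_match(text: str) -> list[str]:
    """Match signatures against the text exactly as received."""
    lowered = text.lower()
    return [sig for sig in SIGNATURES if sig in lowered]


def fold_width(text: str) -> str:
    """Replace full-width and half-width compatibility forms with the
    characters they decompose to, leaving everything else untouched."""
    out = []
    for ch in text:
        decomp = unicodedata.decomposition(ch)  # e.g. "<wide> 0063"
        if decomp.startswith(("<wide>", "<narrow>")):
            out.extend(chr(int(cp, 16)) for cp in decomp.split()[1:])
        else:
            out.append(ch)
    return "".join(out)


def has_width_variants(text: str) -> bool:
    """True if any character has a <wide> or <narrow> decomposition."""
    return any(
        unicodedata.decomposition(ch).startswith(("<wide>", "<narrow>"))
        for ch in text
    )


def inspect(text: str) -> dict:
    """Compare matching on raw input with matching after width folding."""
    return {
        "naive_hits": naive_match(text),
        "normalized_hits": naive_match(fold_width(text)),
        # Width variants in a request line are unusual enough to log.
        "width_variants": has_width_variants(text),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_WIDE):
        print(inspect(sample))
```

The gap matters only when the system behind the inspector treats the width variants as equivalent to ordinary characters; folding them before matching keeps the inspector's view consistent with that system's.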

No fix or workaround is currently available, Danish vulnerability clearinghouse Secunia noted in its advisory on the flaw.

The specific product versions affected by the flaw are Cisco Intrusion Prevention System (IPS) versions 4 and 5, and IOS versions 10, 11 and 12.

Last week, Cisco fixed a pair of flaws in its Internetwork Operating System (IOS) that attackers could exploit to cause a denial of service or tamper with data in a device's file system.

In that case, the IOS was improperly verifying user credentials within the FTP server. Remote attackers could exploit this to "bypass the authentication process and retrieve or write any file from the device file system (including the configuration file)," the networking giant warned. Also, an error in the FTP server surfaces when certain files are transferred. Remote attackers could use the error to cause a vulnerable device to reload, creating a denial-of-service condition.

The flaws affected Cisco IOS versions 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4.

US-CERT said in its advisory that the flaw also appears to affect the security products of many other vendors, including Microsoft, McAfee, Juniper, Sourcefire and Symantec. Those vendors have not confirmed whether they are indeed affected, however. The US-CERT advisory offers a complete list of those who may be at risk.