February 16, 2007 10:12 AM PST
Cisco finds two new flaws
The latest weaknesses are found in Cisco's Pix 500 series security appliances, its 5500 series of adaptive security appliances, and its firewall services module. Hackers could use the various vulnerabilities to crash a networking appliance and bypass security policies. A related vulnerability could be used to corrupt access control lists, allowing traffic that should be blocked to pass into the corporate network.
Cisco has made patches available for the firewall service module and appliance vulnerabilities.
Just three days ago, Cisco revealed two vulnerabilities within IOS, the operating system on which its routers run. Left unpatched, they could result in the routers crashing and intrusion prevention software being circumvented.
Secunia, the vulnerability tracking firm, described the latest flaws in an advisory as "moderately critical," or of middling severity.Richard Thurston of ZDNet UK reported from London.