Friday, July 15, 2005

Cisco Security Advisory: Cisco CSA Vulnerable to Crafted IP Attack

Via the Cisco website.

Cisco Security Agent (CSA) is a network security software agent that provides threat protection for server and desktop computing systems.

A malicious attacker may be able to send a crafted IP packet to a Windows workstation or server running CSA 4.5 which may cause the device to halt and/or reload.

Repeated exploitation will create a sustained DoS (denial of service).

Cisco has made free software available to address this vulnerability.

This vulnerability is documented in the Cisco Bug Toolkit as Bug ID CSCsa85175

Vulnerable Products

Cisco CSA version 4.5 when running on any Microsoft Windows platforms except Windows XP.

Products Confirmed Not Vulnerable

The following products are confirmed not vulnerable:

  • Cisco CSA 4.0 and earlier
  • Cisco CSA while running on Solaris
  • Cisco CSA while running on Linux
  • Cisco CSA while running on Windows XP

0 Comments:

Post a Comment

<< Home