News Stay informed about the latest enterprise technology news and product updates.

Brief: Cisco discloses VPN Concentrator flaw

Cisco late Wednesday confirmed that its VPN Concentrator 3000 series may be vulnerable to DoS attacks. The networking giant has released a software upgrade that repairs the flaw.

Cisco Systems Inc. on Wednesday published a security advisory warning that its VPN Concentrator 3000 may be vulnerable to a denial-of-service (DoS) attack.

The flaw, which has been categorized as "less critical" by third-party security information provider Secunia, may be exploited by malicious users by sending a specially crafted Secure Sockets Layer (SSL) attack to the concentrators, which could in turn force the device to reload or drop user connections.

Several 3000 series models are affected, including 3005, 3015, 3020, 3030, 3060 and 3080, as well as the Cisco VPN 3002 Hardware Client.

According to the networking giant, the vulnerability can be resolved by upgrading to software version 4.1.7.B or later.

Additionally, the issue can be mitigated by disabling HTTPS, or by blocking SSL connections to a concentrator using transit access control lists.

Dig Deeper on WAN technologies and services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.