Cisco releases security patch
The patch is intended to address vulnerabilities in two products whose reporting capabilities could be compromised by an attack.
Cisco issued a security advisory on Monday regarding vulnerabilities in its IDS Management Center, versions 2.0 and 2.1, as well as its CiscoWorks Monitoring Center for Security, versions 1.1 through 2.0 and version 2.1.
The flaws could allow an attacker to spoof an intrusion-detection or prevention system by exploiting a vulnerability in IDSMC's and the security monitor's SSL certificate-checking functionality. Such an intrusion could permit the attacker to harvest login credentials and submit false information to the IDSMC and security monitor, impairing their integrity and reporting capabilities.