Bug exposes Cisco switches to attacks

Cisco Systems' CSS 11500 Series Content Services Switches configured with Secure Socket Layer, or SSL, termination services are vulnerable to a denial of service, or DoS, attack, Cisco said in an advisory Wednesday. The switch is designed for use in data centers and performs an analysis of protocol headers and directs data traffic based on policies. Integrated SSL modules can simplify the management of digital certificates.

However, a memory corruption that occurs when the switch processes a malformed digital client certificate could cause the switch to reload, Cisco said. The flaw only exists if a switch is configured to support SSL termination services, which it is not by default, the networking giant said. Cisco has a fix for the vulnerability, which is rated "moderate" by the French Security Incident Response Team, a research outfit.