Bug exposes Cisco switches to attacks

An attacker could interrupt the operation of certain Cisco Systems switches by sending them malformed data.

Joris Evers, Staff Writer, CNET News.com. Joris Evers covers security.
Cisco Systems' CSS 11500 Series Content Services Switches configured with Secure Sockets Layer, or SSL, termination services are vulnerable to a denial-of-service, or DoS, attack, Cisco said in an advisory Wednesday. The switch is designed for use in data centers; it analyzes protocol headers and directs data traffic based on policies. Integrated SSL modules can simplify the management of digital certificates.

However, memory corruption that occurs when the switch processes a malformed digital client certificate could cause the switch to reload, Cisco said. The flaw exists only if a switch is configured to support SSL termination services, which it is not by default, the networking giant said. Cisco has a fix for the vulnerability, which is rated "moderate" by the French Security Incident Response Team, a research outfit.