security researcher has demonstrated how an unpatched vulnerability in Cisco’s PIX firewall appliances could allow outside attackers to gain access to corporate networks.
On the final slide of his presentation at the Black Hat show on VoIP security, Hendrik Scholz, a developer with Freenet Cityline disclosed a technique for bypassing the firewalls, according to an audio recording of the talk obtained by IDG News.
"You can open up whatever port you want... and access internal servers from the outside," he said "It's really easy to do and we're talking to Cisco about how to get it fixed."
By now Black Hat is old hat for Cisco.
Last year conference organisers were sued by the networking giant and had to literally rip a presentation by researcher Michael Lynn out of last year's conference materials because it disclosed flaws in its IOS software.
Details on the PIX vulnerability are scarce. Scholz 's slide disclosing the Cisco exploit, called a 0day (or zero-day) in hacker parlance, was not included in the version of his presentation distributed by Black Hat.
And Scholz himself declined to comment further on the exploit, saying he was waiting for Cisco to address the matter. "If you are interested in details regarding 'the last slide' all I can tell you right now is that Cisco is working to get it fixed," he said via e-mail.
"Information will be released some time in the future but most likely not during Black Hat."
Cisco spokesman John Noh confirmed that his company was investigating the matter. "After we look into it, we will respond according to our security vulnerability policy," he said.