Cisco has found more vulnerabilities in its networking products. The company said hackers could potentially crash its PIX 500 series security appliances, 5500 series of adaptive security appliances and firewall services module and bypass security protocols by corrupting access control lists to allow unauthorised traffic onto a corporate network.
Only three days before, Cisco also patched two vulnerabilities within its router internetwork operating system (IOS) that could crash the systems and bypass intrusion detection software. The vulnerabilities affect IOS versions beginning 12.3 and 12.4.
The company issued a security advisory in which it said a fragmented packet evasion weakness “may result in an attacker being able to evade detection by an IOS IPS [intrusion protection service] device. This could allow protected systems to be covertly attacked".
The other flaw is an ATOMIC.TCP regular expression denial-of-service Cisco warned could also be exploited to crash an IOS IPS device.
Security firms have said the flaws are of moderate importance, but the vendor urged network managers running the affected hardware and software to patch them as soon as possible.