CISCO security products are vulnerable! Attackers can gain remote access!

Recently, researchers found a remote code execution vulnerability in CISCO firewalls. The vulnerability affects the company's ASA (Adaptive Security Appliance) software, and CISCO has released an update to fix it. The cause is a buffer overflow in the IKEv1 and IKEv2 (Internet Key Exchange) code of the ASA software. The researchers said that this flaw allows an attacker to execute arbitrary code and reload the system. By exploiting it, an attacker can gain complete control of the system.

According to CISCO, attackers can exploit this vulnerability by using traffic directed to the affected system. Both IPv4 and IPv6 traffic can be used to trigger this exploit. By exploiting this vulnerability, attackers can make changes to firewall settings. These changes help the attacker gain access to the system. Systems configured for IKEv1 and IKEv2 VPN connections have this vulnerability. Attackers send hard-coded UDP packets to vulnerable systems and afterwards control the system remotely.

Three security researchers at Exodus Intelligence found this critical vulnerability: Jordan Gruskovnjak, Alex Wheeler and David Barksdale.

The CVSS (Common Vulnerability Scoring System) score of this vulnerability is 10. It is rated Critical and has been identified as CVE-2016-1287. ASA 5500 adaptive security appliances, ASA 1000V cloud firewall, Firepower 9300 module, ASA 5500-X next-generation firewalls, ISA 3000 industrial security appliances and many more security products that use CISCO's ASA software could be affected by this vulnerability.

If you are using any of the products above, fix this vulnerability as soon as possible to protect your systems from hackers.
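To decide which devices to patch first, the exposure condition described above (an ASA configured for IKEv1 or IKEv2 VPN connections) can be checked against saved running-configs. The following is an added example, not code from CISCO or from this article; it assumes the standard ASA configuration lines `crypto ikev1 enable`, `crypto ikev2 enable`, `crypto isakmp enable` and `crypto map ... interface`, and the function names and sample config are constructed for illustration.

```python
import re

# Constructed sample of a saved ASA running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-fw-01
interface GigabitEthernet0/0
 nameif outside
!
interface GigabitEthernet0/1
 nameif inside
!
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
crypto map OUTSIDE_MAP 10 match address VPN_ACL
crypto map OUTSIDE_MAP 10 set peer 192.0.2.10
crypto map OUTSIDE_MAP interface outside
crypto ikev2 enable outside
crypto ikev1 enable outside
"""

# Config lines that bind IKE, or a crypto map, to a named interface.
IKE_ENABLE = re.compile(r"^crypto (ikev1|ikev2|isakmp) enable (\S+)")
CRYPTO_MAP_IF = re.compile(r"^crypto map (\S+) interface (\S+)")


def ike_exposure(config_text):
    """Return {interface: sorted reasons} for interfaces that terminate IKE."""
    findings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = IKE_ENABLE.match(line)
        if m:
            findings.setdefault(m.group(2), set()).add(m.group(1) + " enabled")
            continue
        m = CRYPTO_MAP_IF.match(line)
        if m:
            findings.setdefault(m.group(2), set()).add("crypto map " + m.group(1))
    return {iface: sorted(reasons) for iface, reasons in findings.items()}


def needs_priority_patch(config_text):
    """True when at least one interface accepts IKE negotiation."""
    return bool(ike_exposure(config_text))


if __name__ == "__main__":
    for iface, reasons in ike_exposure(SAMPLE_CONFIG).items():
        print(f"{iface}: {', '.join(reasons)}")
```

An empty result only means the IKE code path is not reachable through this configuration; the software update is still required.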

Source: securityweek

Venigalla Sudhakar  Thanks

Feb 13, 2016
