• United States



by Dave Gradijan

Black Hat: Security Flaw Revealed in Cisco Firewall

Aug 04, 20062 mins
CSO and CISOData and Information Security

Cisco Systems just can’t seem to make it through the Black Hat USA conference unscathed. On Wednesday, a security researcher showed how an unpatched vulnerability in the company’s PIX firewall appliances could allow outside attackers to gain access to corporate networks.

On the final slide of his presentation on voice-over-IP security, Hendrik Scholz, a developer with Freenet Cityline GmbH, disclosed a technique for bypassing the firewalls, according to an audio recording of the talk obtained by IDG News Service.

“You can open up whatever port you want … and access internal servers from the outside,” he said. “It’s really easy to do, and we’re talking to Cisco about how to get it fixed.”

By now, Black Hat is old hat for Cisco.

Last year, conference organizers were sued by the networking giant and had to literally rip a presentation by researcher Michael Lynn out of last year’s conference materials because it disclosed flaws in its Internetwork Operating System software.

Details on the PIX vulnerability are scarce. Scholz’s slide disclosing the Cisco exploit, called a zero-day in hacker parlance, was not included in the version of his presentation distributed by Black Hat.

And Scholz himself declined to comment further on the exploit, saying he was waiting for Cisco to address the matter. “If you are interested in details regarding ‘the last slide,’ all I can tell you right now is that Cisco is working to get it fixed,” he said via e-mail. “Information will be released sometime in the future, but most likely not during Black Hat.”

Cisco spokesman John Noh confirmed that his company was investigating the matter. “After we look into it, we will respond according to our security vulnerability policy,” he said.

By Robert McMillan, IDG News Service (San Francisco Bureau)

More Black Hat coverage:

Black Hat: Xerox Printers Have Major Security Flaw

Black Hat: MacBook Vulnerable to Wireless Hack

Black Hat: FBI Joins Fight Against ID Theft

Hackers Descend on Las Vegas

Keep checking in at our Security Feed for updated news coverage.