Cisco Intrusion Detection Products May Allow Intrusion

A Cisco security flaw may allow attackers to hack into systems through the intrusion detection system (IDS), Cisco warned Monday in an advisory. An SSL certificate-checking flaw in two Cisco products, CiscoWorks Management Center for IDS Sensors (IDSMC) and Monitoring Center for Security (Secmon), could allow an attacker to spoof an IDS and gain access to sensitive data. SSL certificates are used to authenticate Cisco devices and services as they interact with one another.

A successful attacker "may be able to gather login credentials, submit false data to IDSMC and Secmon or filter legitimate data from IDSMC and Secmon, thus impacting the integrity of the device and the reporting capabilities of it," Cisco said. A free software update that corrects the flaw is available from Cisco.

The announcement continues a trend in which security products are emerging as a potential entry point for attackers. Last year, the Witty worm spread rapidly using a security weakness in BlackICE IDS products from Internet Security Systems. Serious security holes have also been discovered in Symantec antivirus products and the ZoneAlarm family of firewalls from Computer Associates, among others.