ALL >> Computers >> View Article
Cisco Issues Security Advisory To Warn Against Vulnerabilities In Content Service Gateway
Recently, security researchers at Cisco disclosed security flaws in its second generation content service gateway (CSG2). Content service gateways are used by organizations to offer access to content on their sites at a price. The gateway analyses the data traffic and allows organizations to bill the customers for the content offered. CSG 2 runs on Service and Application Module for IP (SAMI). One of the vulnerabilities has been identified as a service policy bypass vulnerability, which allows an attacker to circumvent billing polices and gain unauthorized access to restricted content. The vulnerability allows customers of an organization to gain access to sites with similar billing policy without being charged. The security flaw also allows customers to gain access to sites, which are generally configured to restrict access.
The affected CISCO IOS Software include 12.4 (11)MD, 12.4(15)MD, 12.4(22)MD and versions released prior to 12.4(24)MD 3, 12.4(22)MDA 5 and 12.4(24)MDA 3 on CSG2.
Content service gateways allow organizations to earn for the content offered on their websites. and restrict improper use of ...
... content by third parties. The gateways prevent other service providers from taking undue benefit of content available on an organizations website.
Security researchers at Cisco have also identified two vulnerabilities in Cisco IOS Software 12.4(24)MD1 for CSG2. The identified vulnerabilities may cause denial-of-service condition on CSG 2. Attackers may use well-crafted Transmission Control Protocol (TCP) packets to gain unauthorized access and cause denial of service stopping the traffic flow to CSG2. The vulnerability requires only one active service content to be active to be exploited by the attackers. The vulnerabilities affect IOS Software 12.4(24)MD1 for the second generation content service gateway. The vulnerability may cause the gateway to reload or stuck denying services.
Usually, ethical hackers help developers in identifying vulnerabilities prior to individuals with malicious intent to prevent their exploitation. Cisco is yet to issue any patch for the vulnerabilities.
Developers are faced with the constant challenge of developing secured products. Attackers on the other hand constantly endeavor to breach security mechanisms. Online training programs enable self paced learning and skill enhancement facility to product developers without disrupting their work obligations.
Information security training may help employees of an organization to understand the relevant security threats, gain insights on the likely implications, understand the first response procedures and ensure timely reporting of vulnerabilities.
Add Comment
Computers Articles
1. Choose The Right Version Of Windows 10 Iot Enterprise Or Windows 10 ProAuthor: michellumb44
2. Choose The Right Edition Of Windows 10 Or Windows 10 Enterprise
Author: michellumb44
3. Tools For Designing And Developing For Modern Teams
Author: michellumb44
4. How To Pick The Best Sql Server Edition And Core Licensing For Your Workloads
Author: michellumb44
5. Balance Remote Access And Database Power: Rds User Cals And Sql Server Cores
Author: michellumb44
6. A Practical Guide For It Teams On How To Choose The Right Rds Cals
Author: michellumb44
7. The Practical Guide To Windows Server 2022 Remote Desktop Licensing
Author: michellumb44
8. Choose The Right Licensing Path: Rds Cals And Windows Server Datacenter
Author: michellumb44
9. Pick The Right Number Of Windows Server 2019 Datacenter Cores For Your Workloads
Author: michellumb44
10. Top Food Delivery Apps Data Scraping Api In Germany
Author: FoodDataScrape
11. Employee Attendance Management
Author: James
12. Budget Website Design
Author: James
13. Nfc Guard Tour System Singapore
Author: James
14. Guard Patrol Tour System
Author: James
15. Call A Specialist In Network Support To Keep Your Business Data Safe
Author: Aneesa Stein