[ISN] Dimension Data finds vulnerabilities on Cisco devices

From: InfoSec News <alerts_at_private>
Date: Wed, 25 May 2011 02:51:07 -0500 (CDT)

By John E. Dunn 
24 May 11

Large numbers of companies using Cisco network equipment are still 
vulnerable to a single security vulnerability flaw nearly two years 
after a patch was issued, an analysis of network scans by Dimension Data 
for its 2011 Network Barometer Report has found.

Overall, Dimension's Technology Lifecycle Management (TLM) assessment 
service discovered that an average of 73 percent of the 270 assessments 
it carried out on Cisco-dominated global companies had at least one 
known device security vulnerability that had yet to be patched. This 
held true for companies of all sizes and across all geographies.

Surprisingly, a single prominent vulnerability, Cisco PSIRT (Cisco 
Product Security Incident Response Team) 109444, was found on 66 percent 
of the networks looked at, accounting for much of the security exposure 
it found.

PSIRT 10944 has been rated by the industry Common Vulnerability Scoring 
System (CVSS) as being between 6.4 and 7.8 out of 10 in terms of 
severity (which is to say, moderately critical), and capable of allowing 
an attacker to hit affected devices with a successful DDoS attack, said 
Dimension Data.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Wed May 25 2011 - 00:51:07 PDT

This archive was generated by hypermail 2.2.0 : Wed May 25 2011 - 00:56:39 PDT