Cisco Releases Security Advisory

Cisco has released a Security Advisory to address a vulnerability in several of their Intrusion Prevention System platforms. This vulnerability is caused by an unspecified error in the handling of Jumbo Ethernet frames received on a Gigabit network interface configured for inline mode. Exploitation of this vulnerability may allow a remote attacker to trigger a kernel panic and cause a denial-of-service condition or bypass security restrictions.

At this time, Cisco has not yet released software updates to resolve this issue; however, they have provided a workaround in their advisory. US-CERT encourages users to review Cisco Security Advisory cisco-sa-20080618-ips and apply any necessary workarounds until Cisco releases software updates.

US-CERT will provide additional information as it becomes available.

Read more: US-CERT Current Activity