US government says virtual private networks vulnerable
The US Computer Emergency Readiness Team warned about SSL VPN products from Cisco, Juniper, SonicWall and SafeNet.

The US government has identified flaws in equipment from four companies, including Cisco Systems, that hackers can exploit to break into corporate computer networks.
The Department of Homeland Security's US Computer Emergency Readiness Team, US-CERT, said on its website on Wednesday that the warning applies to certain networking products from Cisco, Juniper Networks, SonicWall and SafeNet.
The flaw applies to equipment with technology known as SSL VPN that companies use to set up secure communications systems for safely accessing internal computer systems over the Internet.
It affects VPN systems run directly through a web browser, rather than through software installed on a user's PC, which is more widely used.
Hackers who exploit the vulnerability could gain broad access to corporate networks, then steal confidential data, install malicious software or turn PCs into spam servers.
US-CERT's posting said the manufacturers have yet to develop a remedy for the problem, which government officials brought to their attention on 24 September.
In the meantime, US-CERT researchers have developed three "workarounds" that they said minimise, but do not eliminate, the risk of an attack.
Barry Greene, head of Juniper's security response team, said his company has known of the vulnerability for several years and has urged customers to run the systems with workarounds in place.
"Our customers who follow the best common practice significantly reduce the risk - to the point where they don't need to worry about it," he said.
SafeNet spokeswoman Donna St. Germain said her company had already devised a way to completely eliminate the risk and advised customers how to configure their equipment to do so.
The government agency said that SSL VPN products from other companies could potentially be at risk, though it has not tested them.
A spokesperson for Cisco said he could not immediately comment on the matter. SonicWall did not respond to a request for comment.