Secure Networks Inc Uncovers Vulnerabilities in Ascend Routers
CALGARY, March 16 /CNW-PRN/ - Secure Networks Inc. announced today the
>discovery of security vulnerabilities in router and access-server hardware
>provided by Ascend Communications, Inc (NASDAQ; ASND). The problems
>discovered allow attackers to crash Ascend Pipeline and MAX routers, cutting
>off network connectivity at sites that rely on them. Additionally, the
>default configuration, attackers can completely reconfigure vulnerable
>routers.
>
>Secure Networks Inc., a security research and development company, is
>releasing this new information to inform the community of the risks involved
>in running vulnerable routers, and to explain how these problems can be
>addressed by network operators. ''Organizations that rely on Ascend
>equipment need to know about these problems,'' said Thomas Ptacek, author of
>the new report. ''Attackers can abuse vulnerable Ascend routers to
>compromise entire enterprise networks.''
>
>The recently released technical report outlines two security issues with
>Ascend routers. One of them exploits a proprietary Ascend configuration
>protocol to cause the router to lock up; the other uses the router's SNMP
>management capability to download and view the full router configuration,
>which includes the passwords to the machine. These problems have been
>confirmed on Ascend's Pipeline and MAX platforms.
>
>''Given that routers are such an integral part of network infrastructures,
>vulnerabilities such as this pose a tremendous threat'', commented Alfred
>Huger, project manager at Secure Networks. ''We feel that it is tremendously
>important that end users of these products, be properly appraised of just
>how secure these products are''.
Ascend Communications has been notified of these problems, and is believed
>to be addressing them in a new version of the router's software. In the
>interim, Secure Networks, Inc. has provided information explaining how
>network operators can defend against these problems by reconfiguring the
>vulnerable router.
> A detailed security advisory has been made available at:
> ''http://www.secnet.com/advisoriers/sni-26.ascend.advisory.html/'' |
