Black Hat Flaw Eludes Cisco
That seems to be the case with a firewall vulnerability discussed at the recent Black Hat Inc. conference. Cisco Systems Inc. (Nasdaq: CSCO) says it's yet to confirm the problem, and not for lack of trying.
In a security response issued yesterday, Cisco says its Product Security Incident Response Team (PSIRT) "has been unable to reproduce this issue."
This doesn't mean the story is over, though. A Cisco spokesman says the team will continue the hunt and publish details "as they are available."
On Aug. 2, researcher Hendrik Scholz disclosed a vulnerability in Cisco's PIX firewall at the end of a presentation entitled "SIP Stack Fingerprinting and Stack Difference Attacks." He didn't divulge details of the problem or how it might be exploited. (See Cisco & Black Hat Meet Again.)
Scholz, who works for Freenet Cityline GmbH, a unit of Freenet AG , has been helping Cisco's PSIRT investigate the vulnerability.
— Craig Matsumoto, Senior Editor, Light Reading