Cisco hole allows users to skip net bills

Summary: A security vulnerability has been revealed in Cisco's Content Services Gateway, which allows users to skip internet access charges and access banned websites.

(Traffic lights image by Horia Varlan, CC2.0)

The hole, documented in bug ID CSCtk35917, exists in the second generation (CSG2) of the platform, which runs on the Cisco Service and Application Module for Internet Protocol. The CSG2 is used to bill users based on content by monitoring data traffic at layer 4 through layer 7.

For example, customers at an internet cafe running CSG2 could exploit the vulnerability to bypass its payment gateway by sending specially crafted Hypertext Transfer Protocol packets.

Only HTTP traffic is affected, according to a Cisco advisory.

Two further holes in the IOS software release 12.4(24)MD1, documented in bug IDs CSCth17178 and CSCth4189, enable denial-of-service attacks which jam traffic and prevent it passing through the CSG2.

These attacks require a sole content service to be active and can be exploited via crafted Transmission Control Protocol packets, the advisory stated.

Cisco has issued a patch for the holes, but there aren't any workarounds to prevent the issue.

Topics: Security, Cisco, Networking, AUSCERT

Darren Pauli

About Darren Pauli

Darren Pauli has been writing about technology for almost five years. He covers a gamut of news with a special focus on security, keeping readers informed about the world of cyber criminals and the safety measures needed to thwart them.
