The vulnerability of the Application Layer Gateway (ALG) and the ZBFW network interface of the Cisco IOS XE operating system, which allows a attacker to trigger a reboot of the vulnerable device

The vulnerability of the Application Layer Gateway ALG and the ZBFW network firewall of the Cisco IOS XE operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to trigger a reboot of the vulnerable device...

Cisco IOS XE NAT SIP ALG Denial of Service Vulnerability

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. A denial of service vulnerability exists in the Network Address Translation NAT Session Initiation Protocol SIP Application Layer Gateway ALG of Cisco IOS XE. The vulnerability...

Buffer overflow

A vulnerability in the FTP application layer gateway ALG functionality used by Network Address Translation NAT, NAT IPv6 to IPv4 NAT64, and the Zone-Based Policy Firewall ZBFW in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The...

CVE-2019-12646

A vulnerability in the Network Address Translation NAT Session Initiation Protocol SIP Application Layer Gateway ALG of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP...

Design/Logic Flaw

A vulnerability in the Network Address Translation NAT Session Initiation Protocol SIP Application Layer Gateway ALG of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP...

PT-2019-3316 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the Network Address Translation NAT Session Initiation Protocol SIP Application Layer Gateway ALG could allow an unauthenticated, remote attacker to cause a...

Command Execution Vulnerability in Netcom's Next Generation Firewall NGFW

Netcom Next Generation Firewall NGFW is a high-performance application layer firewall launched by Netcom Technology that can comprehensively deal with network threats. A command execution vulnerability exists in NGFW. An attacker can inject commands and execute them after logging in with a defaul...

Siemens SIMATIC S7-300 PLC Privilege Bypass Vulnerability

The Siemens SIMATIC S7-300 CPU is a modular general-purpose controller from Siemens for the manufacturing industry. The Siemens SIMATIC S7-300 PLC module is vulnerable to an unauthorized, execute CPU attack via privilege bypass. An attacker can construct special application layer data messages th...

CVE-2019-6619

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel TMM may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation ALPN enabled and it processes traffic where the ALPN extension size is zero...

nDPI - Open Source Deep Packet Inspection Software Toolkit

nDPI is a ntop-maintained superset of the popular OpenDPI library. Released under the LGPL license, its goal is to extend the original library by adding new protocols that are otherwise available only on the paid version of OpenDPI. In addition to Unix platforms, we also support Windows, in order...

Cisco IOS XE Software NAT SIP ALG Denial of Service Vulnerability

Cisco IOS XE Software is an operating system developed by Cisco for its network devices.Network Address Translation NAT Session Initiation Protocol SP Application Layer Gateway ALG is one of the gateway components. Network Address Translation NAT Session Initiation Protocol SP Application Layer...

Zero Trust Security Architectures - Identity Aware Proxy

By Faraz Siddiqui and Andrew Terranova This is Part 4 of a 5 part blog series. Jump to Part 1: Introduction Jump to Part 2: Network Micro-Segmentation Jump to Part 3: Software Defined Perimeter Jump to Part 5: Akamai's Approach to Zero Trust Introduction In the first part of this blog series, we...

Time to Eliminate Traditional VPNs

It is time to stop trusting your endpoints implicitly and reduce the complexity and risk associated with traditional VPN access and flat networks. Varied digital ecosystems, cloud migration, and workforce mobility have created a climate where the network perimeter no longer exists. This is eviden...

ThreatList: Top Summer DDoS Trends

On Tuesday, Akamai released a report on the year’s biggest distributed denial of service DDoS attacks. The report illustrates how this time-tested attack method continues to morph and adopt new tricks, and discusses trends to watch as we move into the summer months. According to the study, Summer...

Multiple vulnerabilities in the Application Layer Protocol Inspection component of Cisco microprogrammed network interface devices, which allow attackers to cause service failures.

The multiple vulnerabilities of the Application Layer Protocol Inspection component in Cisco microprogrammed network interfaces are related to resource management errors. Exploiting these vulnerabilities could allow a malicious actor to cause service interruptions by sending large amounts of...

CVE-2018-0240

Multiple vulnerabilities in the Application Layer Protocol Inspection feature of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of servi...

PT-2018-1300 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: Multiple vulnerabilities in the Application Layer Protocol Inspection...

Web Application Firewalls: The Definitive Primer

Firewalls have traditionally been focused on network layer traffic. As attacks have evolved, however, they have climbed the ladder of the Open Systems Interconnection OSI model. Web Application Firewalls WAFs have developed as a result, not only to track network traffic but also to understand...

Q4 2017 Global DDoS Threat Landscape Report

Today we are releasing our latest Global DDoS Threat Landscape Report, a statistical analysis of 5,055 network and application layer DDoS attacks mitigated by Imperva Incapsula services during Q4 2017. In Q4, the number of application layer attacks nearly doubled, just as the number of network...

Greenhouse.io: DoS through cache poisoning using invalid HTTP parameters

I was taking a look into a related report https://hackerone.com/reports/298265 and I discovered that the https://boards.greenhouse.io/embed/jobboard/js?for= endpoint doesn't throw errors when I try to pass in an array of for parameters like this:...