(Reuters) - The U.S. government has identified flaws in equipment from four companies, including Cisco Systems Inc (CSCO.O), that hackers can exploit to break into corporate computer networks.
The Department of Homeland Security's U.S. Computer Emergency Readiness Team, US-CERT, said on its website on Wednesday that the warning applies to certain networking products from Cisco, Juniper Networks Inc (JNPR.K), SonicWall Inc (SNWL.O) and SafeNet Inc.
The flaw applies to equipment with technology known as SSL VPN that companies use to set up secure communications systems for safely accessing internal computer systems over the Internet.
It affects VPN systems run directly through a Web browser, rather than through software installed on a user's PC, which is more widely used.
Hackers who exploit the vulnerability could gain broad access to corporate networks, then steal confidential data, install malicious software or turn PCs into spam servers.
US-CERT's posting said the manufacturers have yet to develop a remedy for the problem, which government officials brought to their attention on September 24.
In the meantime, US-CERT researchers have developed three "workarounds" that they said minimize, but do not eliminate, the risk of an attack.
Barry Greene, head of Juniper's security response team, said his company has known of the vulnerability for several years and has urged customers to run the systems with workarounds in place.
"Our customers who follow the best common practice significantly reduce the risk -- to the point where they don't need to worry about it," he said.
SafeNet spokeswoman Donna St. Germain said her company had already devised a way to completely eliminate the risk and advised customers how to configure their equipment to do so.
The government agency said that SSL VPN products from other companies could potentially be at risk, though it has not tested them.
A spokesperson for Cisco said he could not immediately comment on the matter. SonicWall did not respond to a request for comment.
(Reporting by Jim Finkle; Additional reporting by Ritsuko Ando; Editing by Richard Chang)
about 6 hours agoAssessing the Impact of HP Layoffs - HP needs channel partners to help put some distance between it all the drama ... http://t.co/2H0Gq8HJ
about 8 hours agoThin Client Opportunity Gets Richer for the Channel - IT organizations are rethinking client strategy in the age of ... http://t.co/JxUbh24m
May 23rd 4:38 PMPutting a Channel Face on the Cloud - Amazon, Google and others may leverage the channel to compete more aggressivel... http://t.co/RUeo9iT5
May 22nd 10:41 PMExpanding the Reach and Scope of Desktop Virtualization - VMware moves to acquire Wanova - VMware has set out to ... http://t.co/Ad020fhT
May 22nd 8:58 PMConsidering the IBM Watson Possibilities - IBM looks to the channel to help find new use cases for cognitive computi... http://t.co/CAljVbac
May 22nd 8:54 AMVariations on a Cloud Storage Theme in the Channel - EMC expands focus on the cloud via a channel that is wrestling ... http://t.co/MORSpkkb
May 21st 10:43 AMRightsizing the Cloud Service Provider - Cloudbursting will alter the way the channel thinks about cloud computing i... http://t.co/eZ33qdKE
May 17th 6:39 PMThe Future of IT Services - Automated managed services are transforming the way IT services are delivered - Histo... http://t.co/w4zvAS8u
May 17th 12:39 PMRising to the Cloud Application Management Challenge - BetterCloud previews management tool for Google Apps environm... http://t.co/KzhO7FlP
May 16th 11:00 AMPlaying the IT Services Name Game - HP expands ability of partners to deliver branded services as part of effort to ... http://t.co/XU3QOnKz
Start the New Year with business intelligence—it’s a smart move
Join us on February 1 for an encore rebroadcast at either 5 am or 12 noon EST and discover how business intelligence (BI) supports companies in uncertain business and economic climates. Get expert advice on how to create a strategy that fits your organization's needs and budget and see how quickly it can pay for itself. Click Here
