A flaw in a key Internet security protocol used by major networking products could open systems up to denial-of-service and other kinds of attacks, experts have warned.
Finnish researchers at the University of Oulu announced Monday that they have found a vulnerability in the Internet Security Association and Key Management Protocol, or ISAKMP. The technology is used in IPsec virtual private network and firewall products from a range of networking companies, including giants Cisco Systems and Juniper Networks.
The severity of the problems varies by software vendor, according to an advisory issued jointly by the British National Infrastructure Security Co-ordination Centre and the Finnish CERT.
“These flaws may expose denial-of-service conditions, format string vulnerabilities, and buffer overflows,” the advisory said. All these could shut down devices and slow transmission of data across the Internet. In some cases, they could also allow hackers to execute code and hijack a device, NISCC warned.