Cisco Intrusion Prevention System and IOS with Unicode Encoding Issue
CVE-2007-2688

Currently unrated

Key Information:

Vendor: Cisco
Status: Ips Sensor Software
Vendor: CVE Published:; 16 May 2007

What is CVE-2007-2688?

The Cisco Intrusion Prevention System (IPS) and Cisco IOS with Firewall/IPS Feature Set are susceptible to vulnerabilities stemming from improper handling of both full-width and half-width Unicode character encodings. This flaw permits remote attackers to potentially bypass detection mechanisms designed for HTTP traffic. As a result, malicious activities could go unnoticed, compromising the security integrity of affected systems. Organizations using these products must implement remediation strategies to mitigate the risk of such evasion techniques effectively.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.osvdb.org/35336

vdb-entryx_refsource_OSVDB

http://www.kb.cert.org/vuls/id/739224

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2007
Vulnerability Reserved
May 15, 2007