Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

AVS TCP Relay Vulnerability

cisco-sa-20060510-avs · NA · Published · Updated

The default configuration of the Cisco Application Velocity System (AVS) allows transparent relay of TCP connections to any reachable destination TCP port if the receiving TCP service can process requests embedded in an HTTP POST method message. This issue does not require a software upgrade and can be mitigated by a configuration command for all affected customers. Fixed versions of the AVS software have been modified to provide a more secure default configuration. Cisco has made free software available to address this vulnerability for affected customers installing new AVS devices. For existing AVS devices, the available workaround must be configured manually to mitigate the impact of this vulnerability, even when upgrading to a fixed version of the software. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060510-avs

Workarounds

No workaround information imported yet.

CVEs: CVE-2006-2322
Cisco Bug IDs: NA
CVSS Score: Base NA
Product Names From Source: NA, Cisco AVS Application Velocity System

Related Products

Product · CVE · Evidence
Cisco AVS Application Velocity System · CVE-2006-2322 · Cisco OpenVuln