Cisco vulnerability could allow billing system rorting

Second generation Cisco Content Services Gateway affected

Cisco is warning that a vulnerability in its second generation Cisco Content Services Gateway (CSG2) could allow hackers to bypass billing policies and gain access to restricted sites.

In a customer alert the vendor said Cisco Content Services Gateways, which run on the Cisco Service and Application Module for IP (SAMI), could potentially gain access to goods and services for free.

“…Under certain configurations this vulnerability could allow customers to access sites that would normally match a billing policy to be accessed without being charged to the end customer,” the alert reads.

“[It could also allow] customers to access sites that would normally be denied based on configured restriction policies.”

Additionally, the company said Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2 contained two vulnerabilities that could be exploited by a remote, unauthenticated attacker to create a denial of service condition that prevents traffic from passing through the CSG2.

“These vulnerabilities require only a single content service to be active on the Cisco CSG2 and can be exploited via crafted TCP packets,” the alert reads.

“A three-way handshake is not required to exploit either of these vulnerabilities.”

According to Cisco, workarounds that mitigate these vulnerabilities were unavailable