Search This Blog

Sunday, August 28, 2005

[NEWS] Cisco IDS Management Software SSL Certificate Validation Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

Cisco IDS Management Software SSL Certificate Validation Vulnerability
------------------------------------------------------------------------

SUMMARY

<http://www.cisco.com/en/US/products/sw/cscowork/ps3990/> CiscoWorks
Management Center for IDS Sensors (IDSMC) is a network security software
agent that provides configuration and signature management for Cisco
Intrusion Detection and Intrusion Prevention systems.

A malicious attacker may be able to spoof a Cisco Intrusion Detection
Sensor (IDS), or Cisco Intrusion Prevention System (IPS) by exploiting a
vulnerability in the SSL certificate checking functionality in IDSMC and
Secmon.

DETAILS

Vulnerable Systems:
* IDSMC version 2.0
* IDSMC version 2.1
* CiscoWorks Monitoring Center for Security (Security Monitor or Secmon)
version 1.1
* CiscoWorks Monitoring Center for Security (Security Monitor or Secmon)
version 2.0
* CiscoWorks Monitoring Center for Security (Security Monitor or Secmon)
version 2.1

Immune Systems:
* IDSMC version 1.0
* IDSMC version 1.2
* CiscoWorks Monitoring Center for Security (Security Monitor or Secmon)
version 1.0

A malicious attacker may be able to spoof an IDS or IPS by exploiting a
vulnerability in the SSL certificate checking functionality in IDSMC and
Secmon. SSL certificates are used to secure and authenticate IDS and IPS
sensors, thereby ensuring safe communication across your network. If
exploited, the attacker may be able to gather login credentials, submit
false data to IDSMC and Secmon or filter legitimate data from IDSMC and
Secmon, thus impacting the integrity of the device and the reporting
capabilities of it.

Vendor Status:
This issue is addressed in Service Pack 1 for IPSMC 2.1 and Security
Monitor 2.1. This service pack is available for download at
<http://www.cisco.com/pcgi-bin/tablebuild.pl/mgmt-ctr-ids-app>
http://www.cisco.com/pcgi-bin/tablebuild.pl/mgmt-ctr-ids-app.

ADDITIONAL INFORMATION

The information has been provided by <mailto:psirt@cisco.com> Cisco
Systems Product Security Incident Response Team.
The original article can be found at:
<http://www.cisco.com/warp/public/707/cisco-sa-20050824-idsmc.shtml>
http://www.cisco.com/warp/public/707/cisco-sa-20050824-idsmc.shtml

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

No comments: