The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[NEWS] Cisco IDS Management Software SSL Certificate Validation Vulnerability


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 28 Aug 2005 10:21:33 +0200
Subject: [NEWS] Cisco IDS Management Software SSL Certificate Validation Vulnerability
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20050828111955.4D59C573B@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -




  Cisco IDS Management Software SSL Certificate Validation Vulnerability


SUMMARY

 <http://www.cisco.com/en/US/products/sw/cscowork/ps3990/>; CiscoWorks 
Management Center for IDS Sensors (IDSMC) is a network security software 
agent that provides configuration and signature management for Cisco 
Intrusion Detection and Intrusion Prevention systems.

A malicious attacker may be able to spoof a Cisco Intrusion Detection 
Sensor (IDS), or Cisco Intrusion Prevention System (IPS) by exploiting a 
vulnerability in the SSL certificate checking functionality in IDSMC and 
Secmon.

DETAILS

Vulnerable Systems:
 * IDSMC version 2.0
 * IDSMC version 2.1
 * CiscoWorks Monitoring Center for Security (Security Monitor or Secmon) 
version 1.1
 * CiscoWorks Monitoring Center for Security (Security Monitor or Secmon) 
version 2.0
 * CiscoWorks Monitoring Center for Security (Security Monitor or Secmon) 
version 2.1

Immune Systems:
 * IDSMC version 1.0
 * IDSMC version 1.2
 * CiscoWorks Monitoring Center for Security (Security Monitor or Secmon) 
version 1.0

A malicious attacker may be able to spoof an IDS or IPS by exploiting a 
vulnerability in the SSL certificate checking functionality in IDSMC and 
Secmon. SSL certificates are used to secure and authenticate IDS and IPS 
sensors, thereby ensuring safe communication across your network. If 
exploited, the attacker may be able to gather login credentials, submit 
false data to IDSMC and Secmon or filter legitimate data from IDSMC and 
Secmon, thus impacting the integrity of the device and the reporting 
capabilities of it.

Vendor Status:
This issue is addressed in Service Pack 1 for IPSMC 2.1 and Security 
Monitor 2.1. This service pack is available for download at  
<http://www.cisco.com/pcgi-bin/tablebuild.pl/mgmt-ctr-ids-app>; 
http://www.cisco.com/pcgi-bin/tablebuild.pl/mgmt-ctr-ids-app.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:psirt@cisco.com.> Cisco 
Systems Product Security Incident Response Team.
The original article can be found at:  
<http://www.cisco.com/warp/public/707/cisco-sa-20050824-idsmc.shtml>; 
http://www.cisco.com/warp/public/707/cisco-sa-20050824-idsmc.shtml




This bulletin is sent to members of the SecuriTeam mailing list. To unsubscribe from the list, send mail with an empty subject line and body to: [email protected] In order to subscribe to the mailing list, simply forward this email to: [email protected]

DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру