[NEWS] Cisco IDS Management Software SSL Certificate Validation Vulnerability

From: SecuriTeam (support_at_securiteam.com)
Date: 08/28/05

  • Next message: SecuriTeam: "[NEWS] Cisco IPS Privilege Escalation" 
    To: list@securiteam.com
Date: 28 Aug 2005 10:21:33 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Cisco IDS Management Software SSL Certificate Validation Vulnerability
    ------------------------------------------------------------------------

    SUMMARY

     <http://www.cisco.com/en/US/products/sw/cscowork/ps3990/> CiscoWorks
    Management Center for IDS Sensors (IDSMC) is a network security software
    agent that provides configuration and signature management for Cisco
    Intrusion Detection and Intrusion Prevention systems.

    A malicious attacker may be able to spoof a Cisco Intrusion Detection
    Sensor (IDS), or Cisco Intrusion Prevention System (IPS) by exploiting a
    vulnerability in the SSL certificate checking functionality in IDSMC and
    Secmon.

    DETAILS

    Vulnerable Systems:
     * IDSMC version 2.0
     * IDSMC version 2.1
     * CiscoWorks Monitoring Center for Security (Security Monitor or Secmon)
    version 1.1
     * CiscoWorks Monitoring Center for Security (Security Monitor or Secmon)
    version 2.0
     * CiscoWorks Monitoring Center for Security (Security Monitor or Secmon)
    version 2.1

    Immune Systems:
     * IDSMC version 1.0
     * IDSMC version 1.2
     * CiscoWorks Monitoring Center for Security (Security Monitor or Secmon)
    version 1.0

    A malicious attacker may be able to spoof an IDS or IPS by exploiting a
    vulnerability in the SSL certificate checking functionality in IDSMC and
    Secmon. SSL certificates are used to secure and authenticate IDS and IPS
    sensors, thereby ensuring safe communication across your network. If
    exploited, the attacker may be able to gather login credentials, submit
    false data to IDSMC and Secmon or filter legitimate data from IDSMC and
    Secmon, thus impacting the integrity of the device and the reporting
    capabilities of it.

    Vendor Status:
    This issue is addressed in Service Pack 1 for IPSMC 2.1 and Security
    Monitor 2.1. This service pack is available for download at
    <http://www.cisco.com/pcgi-bin/tablebuild.pl/mgmt-ctr-ids-app>
    http://www.cisco.com/pcgi-bin/tablebuild.pl/mgmt-ctr-ids-app.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:psirt@cisco.com> Cisco
    Systems Product Security Incident Response Team.
    The original article can be found at:
    <http://www.cisco.com/warp/public/707/cisco-sa-20050824-idsmc.shtml>
    http://www.cisco.com/warp/public/707/cisco-sa-20050824-idsmc.shtml

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[NEWS] Cisco IPS Privilege Escalation"

    Relevant Pages