In association with heise online

18 February 2010, 11:47

Cisco closes numerous holes in its security products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Cisco Logo Cisco has released updates to close numerous security holes in several of its products. The ASA 5500 Adaptive Security Appliances are most affected. They alone contain six vulnerabilities that can be exploited to remotely cripple or reboot a device via specially crafted TCP, SIP, SCCP or IKE packets. Furthermore, attackers can trick its integrated NTLMv1 authentication into granting device access via manipulated user names.

A flaw in the processing of SCCP (Skinny Client Control Protocol) packets also affects the Firewall Services Module used, for instance, in switches of the Catalyst 6500 series and in series 7600 routers.

Cisco's Security Agent management software contains a directory traversal and a SQL injection vulnerability. According to Cisco's advisory, an authenticated user can exploit the directory traversal hole to view and retrieve arbitrary files stored on a server. The SQL injection vulnerability allows users to manipulate the database without prior authentication.

The Security Agent itself can also be compromised via specially crafted TCP packets which trigger a system crash – and, therefore, usually cause the monitored client or server to crash. However, the flaw is only contained in the Linux version; the versions for Windows and Solaris are not affected. The agent is included in various Cisco products by default, for instance in Cisco Unified Communications Manager (CallManager), Cisco Conference Connection (CCC), Cisco Unity and Cisco Security Manager (CSM). Details of the exact versions that are affected are included in the vendor's original advisory.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit