Cisco closes numerous holes in its security products
Cisco has released updates to close numerous security holes in several of its products. The ASA 5500 Adaptive Security Appliances are most affected. They alone contain six vulnerabilities that can be exploited to remotely cripple or reboot a device via specially crafted TCP, SIP, SCCP or IKE packets. Furthermore, attackers can trick the appliances' integrated NTLMv1 authentication into granting device access via manipulated user names.
A flaw in the processing of SCCP (Skinny Client Control Protocol) packets also affects the Firewall Services Module used, for instance, in switches of the Catalyst 6500 series and in 7600 series routers.
Cisco's Security Agent management software contains a directory traversal and a SQL injection vulnerability. According to Cisco's advisory, an authenticated user can exploit the directory traversal hole to view and retrieve arbitrary files stored on a server. The SQL injection vulnerability allows users to manipulate the database without prior authentication.
The Security Agent itself can also be compromised via specially crafted TCP packets that trigger a system crash – and, therefore, usually cause the monitored client or server to crash. However, the flaw is present only in the Linux version; the versions for Windows and Solaris are not affected. The agent is included in various Cisco products by default, for instance in Cisco Unified Communications Manager (CallManager), Cisco Conference Connection (CCC), Cisco Unity and Cisco Security Manager (CSM). Details of the exact versions that are affected are included in the vendor's original advisory.
See also:
- Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances, security advisory from Cisco.
- Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability, security advisory from Cisco.
- Multiple Vulnerabilities in Cisco Security Agent, security advisory from Cisco.
(crve)