Critical security vulnerability in Cisco Security Agent
A critical vulnerability in the Cisco Security Agent (CSA) for Microsoft Windows can be exploited to cause a Windows system to freeze (blue screen) or to inject malicious code and execute it with system privileges. The CSA desktop is actually intended to protect against attacks, viruses and worms. However, a buffer overflow in one of the agent's system drivers, triggered when it processes TCP segments on SMB port 139 or 445, undermines this. A successful attack does not require authentication.
Furthermore, according to Cisco, it does not matter whether the system is managed or the agent is running standalone. However, systems which are affected in principle, such as the Cisco Secure Access Control Server (ACS) Solution Engine, also run a firewall, so in the default configuration the system as a whole would not be vulnerable. Cisco has graded the vulnerability as a 10 – the highest possible score – under the Common Vulnerability Scoring System (CVSS). The vendor has released a fixed version. As a workaround, Cisco suggests filtering ports 139 and 445. Cisco has frequently found itself wrestling with security-related bugs in CSA.
Cisco's security advisories are now being presented in a new format. The old reports were already very clearly set out, but it is now possible to find the required information even more quickly.
- Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability, security advisory from Cisco