Patches for Cisco Security Manager
Cisco warns that the combination of Cisco Security Manager server and the IPS Event Viewer (IEV) may allow unauthorised access to the underlying MySQL database or the IEV server. It says the cause of the problem is that when the IEV application is launched it opens remotely accessible ports on the Cisco Security Manager server and on the client. When the IEV is subsequently closed, it closes the client ports but leaves the Cisco Security Manager server ports open.
That leaves the door open: an unauthenticated attacker can access the MySQL database without any alerts being reported by the Intrusion Prevention System.
Cisco Security Manager versions 3.1, 3.1.1.SP3, 3.2.SP2 and 3.2.1.SP1 are affected. Version 3.2.2 doesn't contain the bug. Cisco is providing registered clients with patches for versions 3.1, 3.1.1, 3.2 and 3.2.1.
See also:
- Cisco Security Manager Vulnerability, security advisory from Cisco
(trk)