Security holes in Cisco MARS
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) comes delivered with an Oracle database and a JBoss web application server. Vulnerabilities in these components also impact CS-MARS, potentially allowing attackers to achieve full access to the system. They also open the door for registered administrators to execute commands with root rights.
The integrated Oracle database includes standard accounts with publicly known passwords. Hackers can use these to access the database, and possibly even get their hands on access data of real users stored there. For its part, the JBoss server can be tripped up through manipulated http queries, allowing unauthenticated individuals to execute shell commands as desired on CS-MARS with administrator rights.
Another hole in the command line interface allows users to expand their own rights. Administrators with restricted access can thereby execute commands with root rights. Cisco is soon to release new software versions to close these security holes. CS-MARS administrators should install these updates as soon as possible.
- Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS), Advisory from Cisco.