Security update for Cisco's Security Agent Management Center
Cisco has released a flaw advisory describing a vulnerability in Cisco Security Agent Management Center (CSAMC) through which an unauthorised user could fool the authentication process and log in as an administrator. The Security Agent Management Center is used to remotely configure the Security Agents (CSA) for clients and server. An attacker with privileged rights could deactivate the protection through CSAs for all devices.
The attack will only function if CSMAC uses an LDAP server for authentication, which is not the default setting. Where that is the case, the attacker need only enter the name of a valid administrator and can leave the password empty while simulating a specific error message to the LDAP server. This causes the CSMAC to misinterpret the login procedure as valid. Only version 5.1 of CSMAC is affected, with an update already released to remove the problem.
- Cisco Security Agent Management Center LDAP Administrator Authentication Bypass, flaw advisory from Cisco