Aug 5, 2011

July 2011: three Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published three important vulnerability advisories:

  • Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability
  • Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities
  • Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability

 

Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability
Cisco TelePresence Recording Server Software Release 1.7.2.0 includes a root administrator account that is enabled by default. Successful exploitation of the vulnerability could allow a remote attacker to use these default credentials to modify the system configuration and settings.

Vulnerable Products
Cisco TelePresence Recording Server Software Release 1.7.2 is affected by this vulnerability.

Details
The Cisco TelePresence solution allows immersive, in-person communication and collaboration over the network with colleagues, prospects, and partners, even when they are located in opposite hemispheres.

Impact
Successful exploitation of this vulnerability could allow a remote attacker to use these default credentials to modify the system configuration and settings.

Link: http://www.cisco.com/…/security_advisory09186a0080b8ad3f.shtml

 

Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities
Cisco SA 500 Series Security Appliances are affected by two vulnerabilities on their web-based management interface. An attacker must have valid credentials for an affected device to exploit one vulnerability; exploitation of the other does not require authentication. Both vulnerabilities can be exploited over the network.

Vulnerable Products
These vulnerabilities affect the following devices running a software version prior to the first fixed release documented in the Software Versions and Fixes section of this advisory:

  • Cisco SA520
  • Cisco SA520W
  • Cisco SA540

Details
Cisco SA 500 Series Security Appliances are affected by two web management interface vulnerabilities:

  • SQL Injection Vulnerability: The login form of the SA 500 Series Security Appliances is affected by a SQL injection vulnerability that could allow an unauthenticated, remote attacker to obtain usernames and passwords that are configured on an affected device.
  • Privilege Escalation Vulnerability: An authenticated user who is logged in to an affected device could exploit this vulnerability to inject arbitrary commands into the underlying operating system. By supplying malicious parameters through several web forms, the attacker could gain root privileges.

Impact
Successful exploitation of the SQL injection vulnerability could allow the retrieval of usernames and passwords. An authenticated user could exploit the privilege escalation vulnerability to execute underlying operating system commands.

Link: http://www.cisco.com/…/security_advisory09186a0080b8915e.shtml

 

Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability
Cisco 9000 Series Aggregation Services Routers (ASR) running Cisco IOS XR Software version 4.1.0 contain a vulnerability that may cause a network processor in a line card to lock up while processing an IP version 4 (IPv4) packet. As a consequence of the network processor lockup, the line card that is processing the offending packet will automatically reload.

Vulnerable Products
This vulnerability affects the following Cisco ASR 9000 Series devices when they are running Cisco IOS XR Software version 4.1.0 without the SMU asr9k-p-4.1.0.CSCtr26695.tar installed:

  • Cisco ASR 9006 router
  • Cisco ASR 9010 router

Details
Cisco ASR 9000 Series devices running Cisco IOS XR Software version 4.1.0 contain a vulnerability that may cause a network processor in a line card to lock up while processing an IPv4 packet. As a consequence of the network processor lockup, the line card that is processing the offending packet will automatically reload.

This vulnerability can be triggered only by IPv4 packets. If only IP version 6 (IPv6) is in use, the device is not vulnerable.

Both transit IPv4 packets and IPv4 packets directed to the device itself may trigger this vulnerability.

One or both of the following messages may appear in the system log:

  • PLATFORM-DIAGS-3-PUNT_FABRIC_DATA_PATH_FAILED
  • PLATFORM-DIAGS-0-LC_NP_LOOPBACK_FAILED
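
The two messages above can be searched for in collected syslog. The following is an added example, not code from Cisco or from the original post: it counts both mnemonics per reporting node and lists nodes where they repeat. The sample lines are constructed, and the node-prefix format and the repeat threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# The two message mnemonics listed in the advisory text.
INDICATORS = (
    "PLATFORM-DIAGS-3-PUNT_FABRIC_DATA_PATH_FAILED",
    "PLATFORM-DIAGS-0-LC_NP_LOOPBACK_FAILED",
)
MNEMONIC_RE = re.compile("(" + "|".join(re.escape(m) for m in INDICATORS) + r")\b")

# Assumption: the reporting node is a slash-separated token that starts the
# line and ends at the first colon (for example "LC/0/1/CPU0:").
NODE_RE = re.compile(r"^\s*([A-Za-z0-9]+(?:/[A-Za-z0-9]+)+):")


def scan(lines):
    """Return {node: {mnemonic: count}} for lines carrying either indicator."""
    hits = defaultdict(Counter)
    for line in lines:
        found = MNEMONIC_RE.search(line)
        if not found:
            continue
        node = NODE_RE.match(line)
        hits[node.group(1) if node else "unknown"][found.group(1)] += 1
    return {node: dict(counts) for node, counts in hits.items()}


def repeated_nodes(lines, threshold=2):
    """Nodes whose indicator count reaches `threshold` (an assumed cut-off
    for telling a recurring condition from a single event)."""
    return sorted(n for n, c in scan(lines).items() if sum(c.values()) >= threshold)


# Constructed sample lines; everything except the two mnemonics is made up.
SAMPLE = [
    "RP/0/RSP0/CPU0:Jul 20 10:15:32.100 : proc[1]: %PLATFORM-DIAGS-3-PUNT_FABRIC_DATA_PATH_FAILED : constructed text",
    "LC/0/1/CPU0:Jul 20 10:15:33.200 : proc[1]: %PLATFORM-DIAGS-0-LC_NP_LOOPBACK_FAILED : constructed text",
    "LC/0/1/CPU0:Jul 20 10:21:02.000 : proc[1]: %PLATFORM-DIAGS-0-LC_NP_LOOPBACK_FAILED : constructed text",
    "LC/0/2/CPU0:Jul 20 10:22:00.000 : proc[1]: %OTHER-FACILITY-5-EVENT : constructed unrelated line",
    "no node prefix %PLATFORM-DIAGS-3-PUNT_FABRIC_DATA_PATH_FAILED",
]

if __name__ == "__main__":
    for node, counts in scan(SAMPLE).items():
        print(node, counts)
    print("repeated:", repeated_nodes(SAMPLE))
```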

Impact
Successful exploitation of the vulnerability described in this advisory may cause the affected line card to reload. Repeated exploitation could result in a sustained denial of service (DoS) condition.

Link: http://www.cisco.com/…/security_advisory09186a0080b89155.shtml