April 2010: two Cisco vulnerabilities
The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories:
- Cisco Secure Desktop ActiveX Control Code Execution Vulnerability
- Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability
Cisco Secure Desktop ActiveX Control Code Execution Vulnerability
Cisco Secure Desktop contains a vulnerable ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the user who is currently logged into the affected system. Cisco has released a free software update that addresses this vulnerability.
Cisco Secure Desktop versions prior to 3.5.841 are affected.
A Cisco-signed ActiveX control that is used by Cisco Secure Desktop fails to properly verify the integrity of an executable file that is used by the Cisco Secure Desktop installation process. If an attacker can entice a user to visit an attacker-controlled web page, the vulnerable ActiveX control could be invoked to download an attacker-modified package. The package could contain a malicious executable file that executes with the privileges of the affected user. A successful exploit could result in a complete compromise of a vulnerable system.
Successful exploitation of this vulnerability could result in a complete compromise of the affected system.
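The integrity check that the paragraph above says is missing can be sketched as follows. This is an added example, not Cisco's code or its actual fix. The function names, the sample package bytes and the idea of shipping the expected digest inside the signed component are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample data standing in for the real installer package.
GENUINE_PACKAGE = b"MZ-constructed-installer-payload-v1"
TAMPERED_PACKAGE = b"MZ-constructed-installer-payload-v1-modified"

# Assumption: the expected digest ships inside the signed component, so the
# signature that covers the checking code also covers the value it checks.
PINNED_SHA256 = hashlib.sha256(GENUINE_PACKAGE).hexdigest()


class IntegrityError(Exception):
    """Raised when a downloaded package does not match the pinned digest."""


def _write_private(package: bytes) -> str:
    # mkstemp creates the file readable and writable by the current user only.
    fd, path = tempfile.mkstemp(prefix="pkg-", suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(package)
    return path


def stage_unverified(package: bytes) -> str:
    """Flawed pattern: downloaded bytes are staged for execution unchecked."""
    return _write_private(package)


def stage_verified(package: bytes, pinned_sha256: str = PINNED_SHA256) -> str:
    """Hash the exact bytes that will be run and stage them only on a match."""
    actual = hashlib.sha256(package).hexdigest()
    if not hmac.compare_digest(actual, pinned_sha256):
        raise IntegrityError(f"digest mismatch: got {actual}")
    # Stage the verified in-memory bytes, never a second download, so the
    # content cannot change between the check and its use.
    return _write_private(package)


def passes_verification(package: bytes) -> bool:
    """Return True if the package is accepted; clean up the staged copy."""
    try:
        path = stage_verified(package)
    except IntegrityError:
        return False
    os.remove(path)
    return True
```
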
Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability
Cisco Small Business Video Surveillance Cameras and Cisco RVS4000 4-port Gigabit Security Routers contain a vulnerability that could allow an authenticated user to view passwords for other users, regardless of the authenticated user’s level of authorization.
An unprivileged user could take advantage of this vulnerability to gain full administrative access on the device or view another user’s credentials.
This vulnerability affects the Cisco RVS4000 4-port Gigabit Security Router and all Cisco Small Business Video Surveillance Cameras, except for the Cisco PVC300 Pan Tilt Optical Zoom Camera. These cameras are affected:
- Cisco PVC2300 Business Internet Video Camera – Audio/PoE
- Cisco WVC200 Wireless-G PTZ Internet Video Camera – Audio
- Cisco WVC210 Wireless-G PTZ Internet Video Camera – 2-way Audio
- Cisco WVC2300 Wireless-G Business Internet Video Camera – Audio
A user on the PVC2300 and WVC2300 cameras can use a specifically crafted URL to bypass any restrictions that are configured to prevent the device configuration from being viewed. The user could then view the passwords for all users on the device.
A user on the WVC200 and WVC210 cameras must have been granted setup privileges to take advantage of this vulnerability to view the passwords. The ability to configure setup privileges is not available on the other devices affected by this vulnerability.
Administrative users on the RVS4000 router may be able to view the passwords of other administrative users.
Successful exploitation of the vulnerability could allow an authenticated user to discover all the user passwords contained on the device. The user could use the passwords to gain full administrative access to the device and any other devices that use a common password.