On 25 February 2009, Cisco published three new security advisories. The vulnerabilities they describe can be exploited by malicious people to conduct a DoS attack or a remote control attack.
1) Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine contain multiple vulnerabilities that, if exploited, can result in any of the following impacts:
- Administrative level access via default user names and passwords
- Privilege escalation
- A denial of service (DoS) condition
Products and Versions Affected
|Vulnerability||Cisco ACE 4710 Appliance||Cisco ACE Module|
|Default Usernames and Passwords||All versions prior to A1(8a)||All versions prior to A2(1.1)|
|Privilege Escalation Vulnerability||All versions prior to A1(8a)||All versions prior to A2(1.2)|
|Crafted SSH Packet Vulnerability||All versions prior to A3(2.1)||All versions prior to A2(1.3)|
|Crafted Simple Network Management Protocol version 2 (SNMPv2) Packet Vulnerability||All versions prior to A3(2.1)||All versions prior to A2(1.3)|
|Crafted SNMPv3 Packet Vulnerability||All versions prior to A1(8.0)||All versions prior to A2(1.2)|
The Cisco ACE 4710 Application Control Engine appliance and the Cisco ACE Application Control Engine Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers are a load-balancing and application-delivery solution for data centers. Multiple vulnerabilities exist in both products. The vulnerabilities that are addressed in this advisory are: Default Usernames and Passwords, Privilege Escalation Vulnerability, Crafted SSH Packet Vulnerability, Crafted SNMPv2c Packet Vulnerability & Crafted SNMPv3 Packet Vulnerability.
An attacker with knowledge of the accounts covered by the Default Usernames and Passwords Vulnerability could modify the device configuration and, in certain instances, gain user access to the host operating system. An exploit of the Privilege Escalation Vulnerability could allow an authenticated attacker to execute host operating system administrative commands.
Successful exploitation of the Crafted SSH Packet Vulnerability, Crafted SNMPv2 Packet Vulnerability, and Crafted SNMPv3 Packet Vulnerability may cause a reload of the affected device. Repeated exploitation could result in a sustained DoS condition.
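To triage an inventory against the affected-version table above, the following Python script is an added example, not code from Cisco or from the original post. The version ordering it uses (train, release, maintenance number, then letter suffix) and the inventory hostnames are assumptions made for illustration.

```python
import re

# First fixed release per vulnerability, transcribed from the table above.
FIXED = {
    "appliance": {  # Cisco ACE 4710 Appliance
        "Default Usernames and Passwords": "A1(8a)",
        "Privilege Escalation": "A1(8a)",
        "Crafted SSH Packet": "A3(2.1)",
        "Crafted SNMPv2 Packet": "A3(2.1)",
        "Crafted SNMPv3 Packet": "A1(8.0)",
    },
    "module": {  # Cisco ACE Module
        "Default Usernames and Passwords": "A2(1.1)",
        "Privilege Escalation": "A2(1.2)",
        "Crafted SSH Packet": "A2(1.3)",
        "Crafted SNMPv2 Packet": "A2(1.3)",
        "Crafted SNMPv3 Packet": "A2(1.2)",
    },
}
_VERSION = re.compile(r"^A(\d+)\((\d+)(?:\.(\d+))?([a-z]?)\)$")

def parse_version(text):
    # Assumed ordering: train number, release, maintenance number
    # (missing counts as 0), then letter suffix (no suffix sorts before 'a').
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ACE version string: {text!r}")
    train, release, maint, suffix = m.groups()
    return (int(train), int(release), int(maint or 0), suffix)

def affected_by(platform, running):
    """Vulnerabilities from the table whose fixed release is newer than `running`."""
    current = parse_version(running)
    return [name for name, fixed in FIXED[platform].items()
            if current < parse_version(fixed)]

# Constructed inventory for illustration only; hostnames are made up.
INVENTORY = [
    ("ace4710-dc1", "appliance", "A1(8.0)"),
    ("ace4710-dc2", "appliance", "A3(2.1)"),
    ("cat6k-ace-1", "module", "A2(1.2)"),
]

def triage(inventory):
    return {host: affected_by(platform, ver) for host, platform, ver in inventory}

if __name__ == "__main__":
    for host, findings in triage(INVENTORY).items():
        print(host, "->", findings or "no findings from this table")
```

A version string that does not match the `A<n>(<release>)` pattern raises `ValueError` rather than being silently treated as patched.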
2) Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities
Multiple vulnerabilities exist in the Cisco Application Networking Manager (ANM) and Cisco Application Control Engine (ACE) Device Manager applications. These vulnerabilities are independent of each other. Successful exploitation of these vulnerabilities may result in unauthorized system or host operating system access.
The ANM (all versions prior to ANM 2.0) is vulnerable to: Invalid Directory Permissions, Default User Credentials, MySQL Default Credentials.
The ANM (all versions prior to ANM 2.0 Update A) is vulnerable to: Java Agent Privilege Escalation.
The ACE Device Manager (all versions prior to A3(2.1)) is vulnerable to: Invalid Directory Permissions.
ANM is a network management application that manages Cisco ACE modules or appliances. ANM is installed on customer-provided servers with a Red Hat Enterprise Linux operating system. The ACE Device Manager provides a browser-based interface for configuring and managing a single ACE appliance. The ACE Device Manager resides in flash memory on the ACE appliance. Multiple vulnerabilities exist in ANM and one in the ACE Device Manager. The vulnerabilities addressed in this security advisory are: Invalid Directory Permissions, Default User Credentials, MySQL Default Credentials and Java Agent Privilege Escalation.
Successful exploitation of the ACE Device Manager and ANM invalid directory permission vulnerabilities may allow unauthorized access to view or modify the ACE Device Manager or ANM file system, including host operating system files. Modification of some system files could result in a denial of service condition.
Exploitation of the ANM default user credential and ANM MySQL database default credential vulnerabilities may allow an attacker to gain unauthorized system access. Modification of ANM settings with the default user credentials could result in a denial of service condition. Unauthorized access to the MySQL database may allow modification of system files that could impact the function of ANM or allow execution of commands on the underlying host operating system.
Successful exploitation of the ANM privilege escalation vulnerability may result in unauthorized remote access to system processes and services, with the ability to modify them. Modification of these services could result in a denial of service condition.
3) Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability
Cisco Unified MeetingPlace Web Conferencing servers may contain an authentication bypass vulnerability that could allow an unauthenticated user to gain administrative access to the MeetingPlace application. Cisco has released free software updates that address this vulnerability.
Cisco Unified MeetingPlace conferencing solution provides functionality that allows organizations to host integrated voice, video, and web conferencing. The solution is deployed on-network, behind the firewall and integrated directly into an organization’s private voice/data networks and enterprise applications. Cisco Unified MeetingPlace servers can be deployed so that the server is accessible from the Internet, allowing external parties to participate in meetings.
Cisco Unified MeetingPlace Web Conferencing servers running software versions 6.0 and 7.0 may be affected by this vulnerability.
The Cisco Unified MeetingPlace Web Conferencing server may contain a vulnerability that could allow an unauthenticated user to use a crafted URL to bypass the authentication mechanisms of the server.
If successful, the user could gain full administrative access to the Cisco Unified MeetingPlace application. This vulnerability is documented in Cisco Bug ID CSCsv65815 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-0614.
Successful exploitation of the vulnerability may result in unauthorized access to the administrative functions of the Cisco Unified MeetingPlace application.