The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Cisco Security Monitoring, Analysis and Response System Does Not Properly Validate Remote Device Certificates and Keys

Posted by Xavier Ashe on January 21, 2007

Description:  A vulnerability was reported in the Cisco Security Monitoring, Analysis and Response System (CS-MARS). A remote user may be able to impersonate a trusted device to obtain sensitive information or report incorrect information.

The system does not properly validate the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates or the Secure Shell (SSH) public keys presented by the connected managed devices.

A remote user may be able to impersonate a managed device.

Cisco has assigned Cisco Bug ID CSCsf95930 to this vulnerability.

Cisco credits Jan Bervar from NIL Data Communications with reporting this vulnerability.

Impact:  A remote user may be able to impersonate a managed device.
Solution:  The vendor has issued a fixed version (4.2.3 (2403)).

The Cisco advisory is available.

Another fix to the solution above would be to buy IBM Tivoli Security Operations Manager, but my opinion may be slanted at bit :).  Found on SecurityTracker.com.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: