Cisco Security Monitoring, Analysis and Response System Does Not Properly Validate Remote Device Certificates and Keys

Description:  A vulnerability was reported in the Cisco Security Monitoring, Analysis and Response System (CS-MARS). A remote user may be able to impersonate a trusted device to obtain sensitive information or report incorrect information.

The system does not properly validate the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates or the Secure Shell (SSH) public keys presented by the connected managed devices.

A remote user may be able to impersonate a managed device.

Cisco has assigned Cisco Bug ID CSCsf95930 to this vulnerability.

Cisco credits Jan Bervar from NIL Data Communications with reporting this vulnerability.

Impact:  A remote user may be able to impersonate a managed device.
Solution:  The vendor has issued a fixed version (4.2.3 (2403)).

The Cisco advisory is available.

Another fix to the solution above would be to buy IBM Tivoli Security Operations Manager, but my opinion may be slanted at bit :).  Found on SecurityTracker.com.

Advertisements

Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek. http://linkedin.com/in/xavierashe

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s