Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Cisco sensor flaw

Cisco sensor flaw

by Nikola Strahija on August 26th, 2005 Cisco Systems has warned of a security flaw affecting two of its widely used security systems, IDSMC and Secmon.


The flaw involves SSL (Secure Sockets Layer) and affects CiscoWorks Management Center for IDS Sensors (IDSMC) as well as Monitoring Center for Security, also called Security Monitor or Secmon.

Cisco said in an advisory that an attacker could use the bug to pretend to be a legitimate Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS), and collect login credentials, submit false data to IDSMC and Secmon or filter what data the two products see. Filtering could be used, for instance, to keep the security products from detecting an attack.

-If exploited, the attacker may be able to gather login credentials, submit false data to IDSMC and Secmon or filter legitimate data from IDSMC and Secmon, thus impacting the integrity of the device and the reporting capabilities of it, Cisco stated.

The affected versions include IDSMC versions 2.0 and 2.1 and Secmon versions 1.1 to 2.0 and version 2.1, Cisco said, and not affected are IDSMC versions 1.0 to 1.2 and Secmon version 1.0.

Cisco said it isn't aware of any exploit code currently circulating for the vulnerability, but the bug is exploitable only locally so the impact is limited.
Cisco also warned, as a separate matter, a bug in its Intrusion Prevention System (IPS) that could allow a local user to gain full administrator privileges.

Although the flaws aren't highly serious, the fact that Cisco's products are so widely used gives them more potential impact. Cisco offered patching instructions for the flaws in its advisories.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »