[ISN] Cisco warns of sensor flaw

InfoSec News isn at c4i.org
Thu Aug 25 06:41:42 EDT 2005


By Matthew Broersma
24 August 2005

Networking giant Cisco Systems has warned of a security flaw affecting
two of its widely used security systems.

The flaw, involving SSL (Secure Sockets Layer), affects CiscoWorks
Management Center for IDS Sensors, known as IDSMC, and a related
product, Monitoring Center for Security, also called Security Monitor
or Secmon.

In an advisory, Cisco said an attacker could use the bug to pretend to
be a legitimate Cisco Intrusion Detection Sensor (IDS) or Intrusion
Prevention System (IPS).

That could allow the attacker to collect login credentials, submit
false data to IDSMC and Secmon or filter what data the two products
see. Filtering could be used, for instance, to keep the security
products from detecting an attack.

"If exploited, the attacker may be able to gather login credentials,
submit false data to IDSMC and Secmon or filter legitimate data from
IDSMC and Secmon, thus impacting the integrity of the device and the
reporting capabilities of it," Cisco stated.

IDSMC provides configuration and signature management for IDS and IPS
systems. Secmon provides event collection, viewing and reporting
functions for Cisco network devices. The affected versions include
IDSMC versions 2.0 and 2.1 and Secmon versions 1.1 to 2.0 and version
2.1, Cisco said.

Not affected are IDSMC versions 1.0 to 1.2 and Secmon version 1.0.

Cisco said it isn't aware of any exploit code currently circulating
for the vulnerability. The bug is only exploitable locally, limiting
their impact, according to security researchers.

Separately, Cisco warned of a bug in its Intrusion Prevention System
(IPS) that could allow a local user to gain full administrator

Although the flaws aren't highly serious, the fact that Cisco's
products are so widely used gives them more potential impact. Cisco
offered patching instructions for the flaws in its advisories.

Most major security vendors have been hit with significant security
glitches this year, including Symantec, McAfee and Computer

More information about the ISN mailing list