Cisco warns of sensor flaw
Could be used to spoof intrusion detection and prevention system.
By Matthew Broersma | Techworld | Published: 15:15, 24 August 2005
Networking giant Cisco Systems has warned of a security flaw affecting two of its widely used security systems.
The flaw, involving SSL (Secure Sockets Layer), affects CiscoWorks Management Center for IDS Sensors, known as IDSMC, and a related product, Monitoring Center for Security, also called Security Monitor or Secmon.
In an advisory, Cisco said an attacker could use the bug to pretend to be a legitimate Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS).
That could allow the attacker to collect login credentials, submit false data to IDSMC and Secmon or filter what data the two products see. Filtering could be used, for instance, to keep the security products from detecting an attack.
"If exploited, the attacker may be able to gather login credentials, submit false data to IDSMC and Secmon or filter legitimate data from IDSMC and Secmon, thus impacting the integrity of the device and the reporting capabilities of it," Cisco stated.
IDSMC provides configuration and signature management for IDS and IPS systems. Secmon provides event collection, viewing and reporting functions for Cisco network devices. The affected versions include IDSMC versions 2.0 and 2.1 and Secmon versions 1.1 to 2.0 and version 2.1, Cisco said.
Not affected are IDSMC versions 1.0 to 1.2 and Secmon version 1.0.
Cisco said it isn't aware of any exploit code currently circulating for the vulnerability. The bug is only exploitable locally, limiting their impact, according to security researchers.
Separately, Cisco warned of a bug in its Intrusion Prevention System (IPS) that could allow a local user to gain full administrator privileges.
Although the flaws aren't highly serious, the fact that Cisco's products are so widely used gives them more potential impact. Cisco offered patching instructions for the flaws in its advisories.
Most major security vendors have been hit with significant security glitches this year, including Symantec, McAfee and Computer Associates.