News
7/19/2006 07:12 PM

Cisco Patches Several CS-MARS Vulnerabilities

The CS-MARS appliance monitors multiple network devices for security problems by examining configurations on routers and switches. It also allows companies to verify the security of their infrastructure against predefined security checklists.

Cisco has reported multiple vulnerabilities in its Cisco Security Monitoring, Analysis and Response System (CS-MARS) appliances that could allow remote attackers to gain unauthorized access to the appliance and view sensitive data.

Cisco issued a security advisory Wednesday and has made fixes available for the flaws, which affect CS-MARS appliances prior to version 4.2.1.

CS-MARS includes a JBoss web application server that could allow an unauthenticated remote attacker to log in and send specially crafted HTTP requests to the appliance, which would enable them to execute commands on the appliance with administrator privileges, Cisco said.

Security researcher Jon Hart posted a proof of concept for the JBoss flaw to the Full-Disclosure security mailing list Wednesday. In his post, Hart cited issues with JBoss version 3.2.7, which ships with CS-MARS, as well as a lack of security on the jmx-console, which provides a view into the microkernel of the JBoss application server.

"Once an attacker has access to the jmx-console, the thoroughness with which the box can be compromised is only limited by their imagination," Hart wrote.
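The jmx-console issue described above is, from the defender's side, a question of whether the management console is answering requests that carry no authenticated user. The following script is an added example, not code from the article, from Cisco, or from Hart's post: it parses web-server access-log lines in the common combined format and flags requests to the JBoss `/jmx-console` and `/web-console` paths that succeeded without an authenticated user (an exposure) or were refused (a probe worth knowing about). The log lines, the IP addresses and the `/web-console` path are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample access-log lines in combined log format; not real CS-MARS
# output. The third line carries an authenticated user, the fourth was refused.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Jul/2006:14:02:11 -0400] "GET /jmx-console/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [19/Jul/2006:14:02:15 -0400] "POST /jmx-console/HtmlAdaptor HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.9 - admin [19/Jul/2006:14:03:40 -0400] "GET /jmx-console/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.12 - - [19/Jul/2006:14:04:02 -0400] "GET /jmx-console/ HTTP/1.1" 401 0 "-" "curl/7.15"
10.0.0.7 - - [19/Jul/2006:14:05:00 -0400] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Fields of the combined log format that matter here: client IP, authenticated
# user (a bare "-" means none), HTTP method, request path and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Management consoles that must never serve a request without authentication.
# "/jmx-console" is the path named in the article; "/web-console" is an assumed
# second JBoss console path added for illustration.
SENSITIVE_PREFIXES = ("/jmx-console", "/web-console")


@dataclass(frozen=True)
class Finding:
    kind: str      # "exposure" (unauthenticated success) or "probe" (refused)
    ip: str
    method: str
    path: str
    status: int


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_console_exposure(log_text):
    """Flag unauthenticated requests to the management consoles.

    A 2xx answer to a request with no authenticated user means the console is
    reachable without credentials; any other status is recorded as a probe so
    that repeated attempts still show up in review.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(SENSITIVE_PREFIXES):
            continue
        if rec["user"] != "-":
            continue  # an authenticated user was present; expected traffic
        kind = "exposure" if 200 <= rec["status"] < 300 else "probe"
        findings.append(Finding(kind, rec["ip"], rec["method"], rec["path"], rec["status"]))
    return findings


if __name__ == "__main__":
    for f in find_console_exposure(SAMPLE_LOG):
        print(f"{f.kind:8s} {f.ip:12s} {f.method:5s} {f.path} -> {f.status}")
```

Run against real logs, the "exposure" findings are the ones that show the console answering without credentials; the appropriate response on an unpatched appliance is to apply Cisco's fix and, in the meantime, to ensure the console paths are not reachable from untrusted networks.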

Meanwhile, a separate vulnerability stems from the Oracle database that is included with the CS-MARS appliance and used to store network event information and authentication data for firewalls, routers and IPS devices. The database includes a number of default Oracle accounts with well-known passwords, which could allow attackers to access confidential information within the database, Cisco said.

However, the CS-MARS appliance doesn't use the default Oracle database accounts and has been hardened to prevent local and remote unauthorized access to the database. The default accounts have also been disabled as a precautionary measure to prevent the vulnerability from being exploited, according to Cisco.

A number of vulnerabilities in the CS-MARS Command Line Interface (CLI), which administrators use to maintain the system, could make it possible for an authenticated administrator to execute arbitrary commands with root level privileges, Cisco said.

Symantec, in a DeepSight Threat Management System bulletin issued Wednesday, rated the vulnerabilities as 10 out of 10 in terms of both impact and severity.
