The CS-MARS appliance monitors multiple network devices for security problems by examining configurations on routers and switches. It also allows companies to verify the security of their infrastructure against predefined security checklists.
Cisco has reported multiple vulnerabilities in its Cisco Security Monitoring, Analysis and Response System (CS-MARS) appliances that could allow remote attackers to gain unauthorized access to the appliance and view sensitive data.
The CS-MARS appliance monitors multiple network devices for security problems by examining configurations on routers and switches, and it also enables companies to verify the security of their infrastructure against pre-defined security checklists.
Cisco issued a security advisory Wednesday and has made fixes available for the flaws, which affect CS-MARS appliances prior to version 4.2.1.
CS-MARS includes a JBoss web application server that could potentially allow an unauthenticated attacker to log in remotely and send specially designed HTTP requests to the CS-MARS appliance which would enable them to execute commands on the appliance with administrator privileges, Cisco said.
Security researcher Jon Hart posted a proof of concept for the JBoss flaw to the Full-Disclosure security mailing list Wednesday. In his post, Hart cited issues with JBoss version 3.2.7 which ships with CS-MARS, as well as a lack of security in the jmx console, which provides a view into the microkernel of the JBoss application server.
"Once an attacker has access to the jmx-console, the thoroughness with which the box can be compromised is only limited by their imagination," Hart wrote.
Meanwhile, a separate vulnerability stems from the Oracle database that is included with CS-MARS appliance and can be used to store network event information and authentication data for firewalls, routers and IPS devices. The database includes a number of default Oracle accounts with well-known passwords, which could allow attackers to access confidential information within the database, Cisco said.
However, CS-MARS appliance doesn't use the default Oracle database account and has been fortified to prevent local and remote unauthorized access to the database. The database accounts have also been disabled as a precautionary measure to prevent the vulnerability from being exploited, according to Cisco.
A number of vulnerabilities in the CS-MARS Command Line Interface (CLI), which administrators use to maintain the system, could make it possible for an authenticated administrator to execute arbitrary commands with root level privileges, Cisco said.
Symantec, in a DeepSight Threat Management System bulletin issued Wednesday, rated the vulnerabilities as 10 out of 10 in terms of both impact and severity.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.