The CS-MARS appliance monitors multiple network devices for security problems by examining configurations on routers and switches. It also allows companies to verify the security of their infrastructure against predefined security checklists.
Cisco has reported multiple vulnerabilities in its Cisco Security Monitoring, Analysis and Response System (CS-MARS) appliances that could allow remote attackers to gain unauthorized access to the appliance and view sensitive data.
Cisco issued a security advisory Wednesday and has made fixes available for the flaws, which affect CS-MARS appliances prior to version 4.2.1.
CS-MARS includes a JBoss web application server that could potentially allow an unauthenticated attacker to log in remotely and send specially crafted HTTP requests to the CS-MARS appliance, which would enable them to execute commands on the appliance with administrator privileges, Cisco said.
Security researcher Jon Hart posted a proof of concept for the JBoss flaw to the Full-Disclosure security mailing list Wednesday. In his post, Hart cited issues with JBoss version 3.2.7, which ships with CS-MARS, as well as a lack of security in the jmx-console, which provides a view into the microkernel of the JBoss application server.
"Once an attacker has access to the jmx-console, the thoroughness with which the box can be compromised is only limited by their imagination," Hart wrote.
Meanwhile, a separate vulnerability stems from the Oracle database that is included with the CS-MARS appliance and can be used to store network event information and authentication data for firewalls, routers and IPS devices. The database includes a number of default Oracle accounts with well-known passwords, which could allow attackers to access confidential information within the database, Cisco said.
However, the CS-MARS appliance doesn't use the default Oracle database account and has been fortified to prevent local and remote unauthorized access to the database. The database accounts have also been disabled as a precautionary measure to prevent the vulnerability from being exploited, according to Cisco.
A number of vulnerabilities in the CS-MARS Command Line Interface (CLI), which administrators use to maintain the system, could make it possible for an authenticated administrator to execute arbitrary commands with root-level privileges, Cisco said.
Symantec, in a DeepSight Threat Management System bulletin issued Wednesday, rated the vulnerabilities as 10 out of 10 in terms of both impact and severity.