Cisco Security Monitoring, Analysis and Response System and Adaptive Security Device Manager Secure Communication Vulnerability
Cisco-SA-20070118-CVE-2007-0397 · Medium
Cisco Security Monitoring, Analysis and Response System versions prior to 4.2.3 and Cisco Adaptive Security Device Manager versions prior to 5.2(2.1) contain a vulnerability that could allow an unauthenticated, remote attacker to impersonate a device managed by the system. The vulnerability exists because the affected applications do not properly validate the SSL/TLS certificates or SSH public keys presented by managed devices. An attacker could leverage this to gain access to sensitive information, such as authentication credentials, or to submit false data to the system. Exploit code is not required to exploit this vulnerability. Cisco confirmed the vulnerability in a security advisory and released updated software.

Because the affected applications do not validate the SSL/TLS certificates or SSH public keys presented by their managed devices, an attacker could set up a system with the same IP address as a vulnerable system and hope that a connection is mistakenly made to the impersonating device rather than the legitimate one. Given the nature of IP routing, this is possible whenever more than one system on the network uses the same IP address. However, erratic routing behavior is likely under these circumstances: some packets may be delivered to the legitimate system while others reach the impersonator, making it harder for the attacker to obtain authentication credentials or to send misleading information.
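The weakness the advisory describes is the management side accepting whatever certificate or SSH key a device at the expected address presents. The following is an added example, not code from Cisco or from the affected products, showing that weak TLS client configuration beside one that pins each managed device's identity the way SSH known_hosts does. The DeviceKeyStore class, the function names, the 192.0.2.x addresses and the identity bytes are all constructed for illustration.

```python
"""Pinned-identity verification for managed devices (added example, not Cisco code).

A management system that accepts any SSL/TLS certificate or SSH public key can be
fed data by whoever answers at a managed device's IP address. Pinning the identity
enrolled out of band, and failing closed on a mismatch, removes that trust in the
network path. Addresses and identity bytes used below are constructed placeholders.
"""
import hashlib
import hmac
import socket
import ssl
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class DeviceKeyStore:
    """Maps a managed device's address to the SHA-256 fingerprint of the identity
    (DER certificate or SSH host key blob) that an administrator enrolled."""
    pins: Dict[str, str] = field(default_factory=dict)

    @staticmethod
    def fingerprint(identity: bytes) -> str:
        return hashlib.sha256(identity).hexdigest()

    def enroll(self, device: str, identity: bytes) -> str:
        # Enrollment belongs out of band (console access, a fingerprint read off
        # the device), never "trust whatever the network shows on first contact".
        fp = self.fingerprint(identity)
        self.pins[device] = fp
        return fp

    def verify(self, device: str, presented: bytes) -> bool:
        expected = self.pins.get(device)
        if expected is None:
            return False  # unknown device: fail closed rather than trust silently
        return hmac.compare_digest(expected, self.fingerprint(presented))


def insecure_context() -> ssl.SSLContext:
    """The pattern the advisory describes: no chain or hostname validation, so any
    host answering at the device's IP address is accepted as that device."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def pinned_context() -> ssl.SSLContext:
    """Chain validation stays disabled because network devices commonly carry
    self-signed certificates; the pin check in connect_pinned() is what
    authenticates the peer, so this context must never be used without it."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def connect_pinned(store: DeviceKeyStore, host: str, port: int = 443,
                   timeout: float = 5.0) -> Optional[str]:
    """Open a TLS session to a managed device and abort unless the presented
    certificate matches the enrolled pin. Returns the negotiated TLS version."""
    ctx = pinned_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            # binary_form=True returns the DER certificate even with CERT_NONE.
            der = tls.getpeercert(binary_form=True)
            if der is None or not store.verify(host, der):
                raise ssl.SSLCertVerificationError(
                    f"identity presented by {host} does not match enrolled pin")
            return tls.version()


if __name__ == "__main__":
    store = DeviceKeyStore()
    # Constructed byte strings standing in for the real device's DER certificate
    # and for the certificate an impostor at the same address would present.
    store.enroll("192.0.2.10", b"constructed-DER-cert-of-real-device")
    print(store.verify("192.0.2.10", b"constructed-DER-cert-of-real-device"))  # True
    print(store.verify("192.0.2.10", b"constructed-DER-cert-of-impostor"))     # False
```

With the pinned store in place, an impostor at the legitimate device's IP address still completes the TCP handshake, but the session is torn down before any credentials or telemetry are exchanged, and the rejected connection is the event worth alerting on.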
Administrators are advised to apply the appropriate update.
Administrators of Cisco Adaptive Security Device Manager systems are advised to launch ASDM services using a web browser as opposed to the stand-alone ASDM Launcher.
Administrators are advised to configure IP-based ACLs on both affected systems and their managed systems to restrict connectivity to those systems from which connectivity is needed.