[NEWS] Cisco IDS Management Software SSL Certificate Validation Vulnerability

The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Cisco IDS Management Software SSL Certificate Validation Vulnerability
------------------------------------------------------------------------


SUMMARY

 <http://www.cisco.com/en/US/products/sw/cscowork/ps3990/> CiscoWorks 
Management Center for IDS Sensors (IDSMC) is a network security software 
agent that provides configuration and signature management for Cisco 
Intrusion Detection and Intrusion Prevention systems.

A malicious attacker may be able to spoof a Cisco Intrusion Detection 
Sensor (IDS), or Cisco Intrusion Prevention System (IPS) by exploiting a 
vulnerability in the SSL certificate checking functionality in IDSMC and 
Secmon.

DETAILS

Vulnerable Systems:
 * IDSMC version 2.0
 * IDSMC version 2.1
 * CiscoWorks Monitoring Center for Security (Security Monitor or Secmon) 
version 1.1
 * CiscoWorks Monitoring Center for Security (Security Monitor or Secmon) 
version 2.0
 * CiscoWorks Monitoring Center for Security (Security Monitor or Secmon) 
version 2.1

Immune Systems:
 * IDSMC version 1.0
 * IDSMC version 1.2
 * CiscoWorks Monitoring Center for Security (Security Monitor or Secmon) 
version 1.0

A malicious attacker may be able to spoof an IDS or IPS by exploiting a 
vulnerability in the SSL certificate checking functionality in IDSMC and 
Secmon. SSL certificates are used to secure and authenticate IDS and IPS 
sensors, thereby ensuring safe communication across your network. If 
exploited, the attacker may be able to gather login credentials, submit 
false data to IDSMC and Secmon or filter legitimate data from IDSMC and 
Secmon, thus impacting the integrity of the device and the reporting 
capabilities of it.

Vendor Status:
This issue is addressed in Service Pack 1 for IPSMC 2.1 and Security 
Monitor 2.1. This service pack is available for download at  
<http://www.cisco.com/pcgi-bin/tablebuild.pl/mgmt-ctr-ids-app> 
http://www.cisco.com/pcgi-bin/tablebuild.pl/mgmt-ctr-ids-app.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:psirt@xxxxxxxxx> Cisco 
Systems Product Security Incident Response Team.
The original article can be found at:  
<http://www.cisco.com/warp/public/707/cisco-sa-20050824-idsmc.shtml> 
http://www.cisco.com/warp/public/707/cisco-sa-20050824-idsmc.shtml



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@xxxxxxxxxxxxxx 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@xxxxxxxxxxxxxx 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.