Credit:
The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20100526-mediator.shtml
Vulnerable Systems:
* CSCtb83495 1.5.1, 2.2, 3.0.8
* CSCtb83607 2.2, 3.0.8
* CSCtb83618 1.5.1, 2.2, 3.0.8
* CSCtb83631 1.5.1, 2.2, 3.0.8
* CSCtb83505 1.5.1, 2.2, 3.0.8
* CSCtb83512 1.5.1, 2.2, 3.0.8
This security advisory describes multiple distinct vulnerabilities in the legacy Richards-Zeta Mediator and the Cisco Network Building Mediator. These vulnerabilities are independent of each other:
Default credentials - Default credentials are assigned for several predefined user accounts on the device including the administrative user account. Any user with network access to the device can log in as an administrator and take complete control over the vulnerable device.
Privilege escalation - Vulnerabilities in this category enable unauthorized users to read and modify device configuration. A malicious user must authenticate as an existing user but does not need to have administrator privileges or know administrator credentials to modify device configuration. Both vulnerabilities can be exploited over either transport protocol (HTTP or HTTPS). Additionally, the vulnerability described by Cisco Bug ID CSCtb83618 (registered customers only) can be used to reload the vulnerable device. Repeated exploitation of this vulnerability can lead to a prolonged denial of service (DoS) condition.
Unauthorized information interception - The following vulnerabilities reflect the fact that sessions between an operator workstation and the Cisco Network Building Mediator are not protected against unauthorized interception. A malicious user able to intercept the sessions could learn any credentials used during intercepted sessions (for administrators and non-administrators alike) and could subsequently take full control of the device.
Unauthorized information access - A malicious user could read one of the system configuration files. This configuration file contains user account details, including passwords. Authentication is not required to read this configuration file, and an attacker could perform this attack over either the XML RPC or the XML RPC over HTTPS protocol.
Patch Availability:
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
Workaround:
Administrator credentials can be changed using the procedure described in the Cisco Network Building Mediator User Guide at http://www.cisco.com/en/US/docs/security/physical_security/cnbm/User/guide/CNBM__UG.pdf.
Details of the procedure are given in section 2-10, Recovering the Cisco Network Building Mediator.
CVE Information:
CVE-2010-0598
CVE-2010-0599
Disclosure Timeline:
2010-May-26: Initial public release.