Credit:
The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20110216-csa.shtml
Vulnerable Systems:
* Cisco Security Agent software releases 5.1
* Cisco Security Agent software releases 5.2
* Cisco Security Agent software releases 6.0
Immune Systems:
* Cisco Security Agent software versions 6.0.2.145 and later
* Cisco Security Agent installations on end-point workstations or servers are not affected by this vulnerability.
The Management Center for Cisco Security Agent is affected by a vulnerability that could allow an unauthenticated attacker to perform remote code execution on the affected device. A successful exploit could allow the attacker to modify agent policies and system configuration and perform other administrative tasks.
Successful exploitation of the vulnerability could allow an unauthenticated attacker to perform remote code execution on the affected device and to perform agent policy modification, system configuration, and other administrative tasks.
Note: This vulnerability can be exploited only by sending certain packets to the web management interface, which by default listens on TCP port 443.
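As an added example (not part of the Cisco advisory), the following Python sketch triages an inventory against the Vulnerable Systems and Immune Systems lists above. The role labels 'mc' and 'agent', the result labels and the sample inventory rows are assumptions made for illustration.

```python
import re

# Values taken from the advisory's Vulnerable/Immune Systems lists.
AFFECTED_TRAINS = {(5, 1), (5, 2), (6, 0)}
FIRST_IMMUNE = (6, 0, 2, 145)


def parse_version(text):
    """Turn '6.0.2.145' into (6, 0, 2, 145), zero-padded to four fields."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (4 - len(parts))


def triage(role, version):
    """Classify one install. role labels 'mc'/'agent' are hypothetical."""
    if role == "agent":
        return "not-affected-agent"   # endpoint agents are not affected
    if role != "mc":
        return "unknown-role"
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown-version"      # needs a manual check
    # Compare as integer tuples: as strings, '6.0.2.99' would sort above
    # '6.0.2.145' and a vulnerable build would be reported as immune.
    if v >= FIRST_IMMUNE:
        return "immune"
    if v[:2] in AFFECTED_TRAINS:
        return "vulnerable"
    return "not-listed"               # release train not named on the page


# Constructed inventory rows (host, role, version); not from the advisory.
SAMPLE = [
    ("mc-01", "mc", "6.0.2.99"),
    ("mc-02", "mc", "6.0.2.145"),
    ("mc-03", "mc", "5.2.0.238"),
    ("ws-17", "agent", "6.0.1.117"),
    ("mc-04", "mc", "6.0.x"),
]

if __name__ == "__main__":
    for host, role, version in SAMPLE:
        print(f"{host:6} {version:10} {triage(role, version)}")
```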
Patch Availability:
Cisco Security Agent software can be downloaded from the following link:
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278065206
Workaround:
The following policy can be configured as a workaround to mitigate this vulnerability. Complete the following steps to deploy this policy for the Cisco Security Agent running on the Management Center for Cisco Security Agent server.
Create a New Application Class
Step 1. Specify the name of the application class as 'CSA MC - all applications but not its descendants'.
Step 2. In the 'Add Process to application class' area, select 'when created from one of the following executables' and specify @(regpath HKLM\SOFTWARE\Cisco\CSAMC60\ProductRootDir default=**\CSAMC*)\**\*.exe as the value.
Step 3. Ensure that the 'Only this process' option is selected.
Step 4. Click Save.
Create a Priority Deny Application Control Rule
Step 1. Name the APCR 'CSAMC applications invoking non-CSAMC applications' for better readability.
Step 2. Enable logging.
Step 3. For 'Current applications in any of the following selected classes', select the application class created under "Create a New Application Class." For the 'But not' option, select .
Step 4. For 'New applications in any of the following selected classes', select . For the 'But not' option, select the new application class created under "Create a New Application Class."
Step 5. Click Save.
CVE Information:
CVE-2011-0364
Disclosure Timeline:
Revision 1.0 2011-Feb-16 Initial public release.