SecuriTeam - Cisco Secure Content Accelerator Vulnerable to SSL Worm

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

CanSecWest 2012

2nd Annual Cyber Security

Hack In Paris

As we reported in our previous article: "Slapper" OpenSSL/Apache Worm Propagation, a worm has been infecting and spreading from these infected machines to other machines, by means of exploiting a well known vulnerability in OpenSSL, it has been now made clear that Cisco's Secure Content Accelerator (un-patched version) is also vulnerable to attack, and is being actively compromised.

Credit:
The information has been provided by Matt Zimmerman and Mike Caudill.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

Vulnerable systems:
* Cisco SCA 11000 Series Secure Content Accelerator

Attempts to exploit the vulnerability described in CAN-2002-0656 cause the SCA 11000 (all tested software releases) to spontaneously reboot, resulting in at least a denial of service. This product incorporates code from an older OpenSSL release, and thus shares the same vulnerability. There is no known means to work around this issue, short of disabling SSL services on the system.

Cisco's Secure Content Accelerator is closely related to SonicWALL's SSL offloader product. The SonicWALL product was also vulnerable, and a statement and fix were issued promptly:
http://www.sonicwall.com/support/security_advisories/security_advisory-openSSL.html

No official fix is as yet available from Cisco for this issue, and no advisory has been released. Impact is likely equivalent to impact on the SonicWALL product.

Cisco PSIRT publishes advisories here:
http://www.cisco.com/warp/public/707/advisory.html

Vendor response:
We can confirm the finding made by Matt Zimmerman for all older releases of the Cisco Secure Content Accelerator software.

Cisco has released version 3.2.0.20 of Cisco Secure Content Accelerator software on September 27, 2002 which resolves the OpenSSL issue.

The new version of software is available to customers via our website at:
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-conacc

This problem has been documented in the Release-notes for version 3.2.0.20 online at:
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_sca/sca_320/v320b20.htm#xtocid13

blog comments powered by Disqus

	HP Data Protector LogBackupLocationStatus SQL Injection Vulnerabilty
	InduSoft WebStudio Unauthenticated Operations Code Execution Vulnerabilityy
	InduSoft WebStudio CEServer Operation 0x15 Code Execution Vulnerability
	HP Data Protector Notebook Extension RequestCopy SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension GetPolicies SQL Injection Vulnerabilty
	GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability
	HP Data Protector Notebook Extension LogClientHealth SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogCopyOperation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension FinishedCopy SQL Injection Vulnerabilty
	Novell ZENWorks Software Packaging ISGrid.Grid2.1 Text Parameter Code Execution Vulnerabilit
	Adobe Reader BMP Image RLE Decoding Code Execution Vulnerability
	Apple QuickTime H264 Matrix Conversion Code Execution Vulnerability
	Apple QuickTime FLC Delta Decompression Code Execution Vulnerability
	Apple Quicktime PnPixPat PatType 3 Parsing Code Execution Vulnerability