|
| |
|
Security Intelligence Operations
Cisco IOS Linecard Redundancy Unauthorized Access Vulnerability |
| |
| Vulnerability Alert | Powered by  |
|
|
| Threat Type: | Unauthorized Access: Privilege Escalation |
|
| IntelliShield ID: | 16634 |
| Version: | 1 |
| First Published: | September 24, 2008 01:36 PM EDT |
| Last Published: | September 24, 2008 01:36 PM EDT |
| Vector: | Network |
| Authentication: | None |
| Exploit: | Functional |
| Port: |
Not Available
|
| CVE: | CVE-2008-3807 |
| BugTraq ID: | 31355 |
| |
| Urgency: |
Unlikely Use
|  |
| Credibility: |
Confirmed
|  |
| Severity: |
Moderate Damage
|  |
| CVSS Base: | 10.0 |
CVSS Calculator
CVSS Version 2
|
| CVSS Temporal: | 8.3 |
|
|
| |
| Version Summary: | Cisco IOS software contains a vulnerability when running on uBR10012 series devices that could allow an unauthenticated, remote attacker to gain privileged access to the device. Updates are available. |
| |
| |
| Description |
|
Cisco IOS software contains a vulnerability when running on uBR10012 series devices that could allow an unauthenticated, remote attacker to gain privileged access to the device.
The vulnerability exists when the device is configured for linecard redundancy, which is the default setting. The device automatically enables read and write access for SNMP. An attacker could exploit the vulnerability to gain complete control of the device because of the absence of access restrictions on the SNMP communication.
Cisco has confirmed the vulnerability in a security advisory and released updated software. |
| |
| Warning Indicators |
|
The following versions of Cisco IOS software are vulnerable:
Cisco IOS Software Release 12.2BC
Cisco IOS Software Release 12.2CX
Cisco IOS Software Release 12.2CY
Cisco IOS Software Release 12.2XF
Cisco IOS Software Release 12.3BC |
| |
| IntelliShield Analysis |
|
The vulnerability exists due to the default configuration of the linecard redundancy. Following best-practices by modifying default string values could mitigate this vulnerability. A successful exploit could allow the attacker to gain complete control over an affected device.
Cisco indicated through CVSS scoring the existence of functional exploit code; however, this exploit code is not known to be publicly available. |
| |
| Vendor Announcements |
|
Cisco has released a security advisory for Cisco Bug ID CSCek57932 at the following link: cisco-sa-20080924-ubr |
|
| |
| Impact |
|
An unauthenticated, remote attacker could exploit the vulnerability to gain complete control of the device. |
| |
| Technical Information |
|
The vulnerability exists when the device is configured for linecard redundancy, which automatically enables SNMP communication between the device and RF Switch. The SNMP community string is enabled as private with read and write privileges and no access restrictions. An unauthenticated, remote attacker could exploit the vulnerability to gain complete control of the device by sending SNMP requests to the affected system. |
| |
| Safeguards |
|
Administrators are advised to apply the appropriate updates.
Administrators are advised to restrict network access to affected systems.
Administrators are advised to modify the default SNMP community string.
Administrators are advised to monitor affected systems for signs of exploitation.
The Cisco Applied Intelligence team has created the following companion document to guide administrators in identifying and mitigating attempts to exploit this vulnerability prior to applying updated software: cisco-amb-20080924-ubr |
| |
| Patches/Software |
|
Cisco customers with active contracts can obtain updates through the Software Center at the following link: Cisco. Cisco customers without contracts can obtain upgrades by contacting the Cisco Technical Assistance Center at 1-800-553-2447 or 1-408-526-7209 or via e-mail at tac@cisco.com. |
|
| |
| Alert History |
| |
Initial Release |
|
Product Sets |
| |
The security vulnerability applies to the following combinations of products.
|
|
LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME. |
|
|
| |
