Cisco Security Manager versions 3.1.1 SP3 and earlier, and 3.2.x versions prior to 3.2.2, contain a vulnerability that could allow an unauthenticated, remote attacker to gain unauthorized access to the IPS Event Viewer (IEV) application.
Cisco Security Manager is designed to configure firewall, VPN, and intrusion prevention system (IPS) services on Cisco networks and security devices. The Cisco IEV Java-based application is installed by default and provides users with the ability to view and manage alerts for up to five sensors and report high-priority alerts, attackers, and victims over a predefined number of hours or days.
The vulnerability exists in the Cisco Security Manager server when the IEV application is used. When the IEV application is launched, it opens numerous TCP ports on both the Cisco Security Manager server and the client, and these ports are reachable remotely without authentication. An attacker could exploit this vulnerability to gain unauthorized access to the IEV database and server, enabling the attacker to add, delete, or modify the devices managed in the IEV.
Cisco has confirmed this vulnerability and released updated software.