Cisco SSL certificate IDS/IPS spoofing

cisco-ssl-certificate-ids-ips-spoof (21946) The risk level is classified as MediumMedium Risk

Description:

CiscoWorks Management Center for IDS Sensors (IDSMC) could allow a remote attacker to spoof an IDS or an Intrustion Prevention System (IPS) caused by a vulnerability in the Secure Socket Layer (SSL) certificate checking functionality. A remote attacker could use this vulnerability to spoof the IDS or the IPS and possibly obtain login credentials, submit false information to the IDSMC and Secmon, or filter valid information from the IDSMC and Secmon.


Consequences:

Gain Access

Remedy:

Upgrade to to Service Pack 1 for Cisco IPSMC version 2.1 or Security Monitor 2.1, as listed in Cisco Security Advisory 2005 August 22 1700 UTC (GMT). See References.

References:

  • Cisco Security Advisory 2005 August 22 1700 UTC (GMT): SSL Certificate Validation Vulnerability in IDS Management Software.
  • BID-14628: Cisco IDS Management Software SSL Certificate Validation Vulnerability
  • CVE-2005-2695: Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Center for IDS Sensors (IDSMC) 2.0 and 2.1, and Monitoring Center for Security (Security Monitor or Secmon) 1.1 through 2.0 and 2.1, allows remote attackers to spoof a Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS).
  • SA16544: Cisco IDS Management Software SSL Certificate Validation Vulnerability

Platforms Affected:

  • Cisco CiscoWorks Management Center for IDS Sensors 2.0
  • Cisco CiscoWorks Management Center for IDS Sensors 2.1
  • Cisco CiscoWorks Monitoring Center for Security 1.1
  • Cisco CiscoWorks Monitoring Center for Security 2.0
  • Cisco CiscoWorks Monitoring Center for Security 2.1

Reported:

Aug 22, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page