Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Cisco Security Agent Security Updates: cisco-sa-20100217-csa - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco Security Agent Security Updates: cisco-sa-20100217-csa

From the advisory,  specific CSA versions and components are vulnerable to SQL injection and directory traversal (allowing unauthorized config changes for instance), as well as a DOS (Denial of Service) condition.

Cisco Security Agent releases 5.1, 5.2 and 6.0 are affected by the SQL injection vulnerability. Only Cisco Security Agent release 6.0 is affected by the directory traversal vulnerability. Only Cisco Security Agent release 5.2 is affected by the DoS vulnerability.

Note: Only the Management Center for Cisco Security Agents is affected by the directory traversal and SQL injection vulnerabilities. The agents installed on user end-points are not affected.

Only Cisco Security Agent release 5.2 for Windows and Linux, either managed or standalone, are affected by the DoS vulnerability.

Standalone agents are installed in the following products:

  * Cisco Unified Communications Manager (CallManager)
  * Cisco Conference Connection (CCC)
  * Emergency Responder
  * IPCC Express
  * IPCC Enterprise
  * IPCC Hosted
  * IP Interactive Voice Response (IP IVR)
  * IP Queue Manager
  * Intelligent Contact Management (ICM)
  * Cisco Voice Portal (CVP)
  * Cisco Unified Meeting Place
  * Cisco Personal Assistant (PA)
  * Cisco Unity
  * Cisco Unity Connection
  * Cisco Unity Bridge
  * Cisco Secure ACS Solution Engine
  * Cisco Internet Service Node (ISN)
  * Cisco Security Manager (CSM)

Note: The Sun Solaris version of the Cisco Security Agent is not affected by these vulnerabilities.

The full advisory, including a matrix of vulnerable and fixed versions, can be found here ==> http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml

=============== Rob VandenBrink Metafore ===============

Rob VandenBrink

489 Posts
ISC Handler
Revision 1.2 from Cisco
Last Updated 2010 February 19 1000 UTC (GMT)

The Sun Solaris version of the Cisco Security Agent is not affected by these vulnerabilities. Only Cisco Security Agent release 5.2 for Linux, either managed or standalone, are affected by the DoS vulnerability.


Anonymous

Sign Up for Free or Log In to start participating in the conversation!