

   VULNERABILITY NOTE

 

CERT-In Vulnerability Note CIVN-2009-16
Cisco Security Manager IPS Event Viewer Unauthorized Access Vulnerability

Original Issue Date: January 29, 2009

Severity Rating: High

Systems Affected

  • Cisco Security Manager versions 3.1 and 3.2 prior to 3.2.2
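The affected range above (every 3.1 release, and 3.2 releases earlier than 3.2.2) is easy to get wrong when triaging an asset inventory by hand. The following helper is an added example written for this note, not CERT-In or Cisco code; the hostnames and version strings in INVENTORY are constructed sample data, and treating branches later than 3.2 as unaffected is an assumption based only on what this note lists.

```python
"""Version triage for CIVN-2009-16 (added example, not CERT-In or Cisco code)."""
import re
from typing import List, Tuple

# Per this note: Cisco Security Manager 3.1 (all releases) and 3.2 releases
# prior to 3.2.2 are affected, so 3.2.2 is the first fixed release.
FIXED_VERSION = (3, 2, 2)

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("csm-lab-01", "Cisco Security Manager 3.1"),
    ("csm-prod-01", "3.2.1"),
    ("csm-prod-02", "3.2.2"),
    ("csm-dev-01", "3.3"),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract a dotted version such as '3.2.1' from a free-form string."""
    match = re.search(r"(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(version: str) -> bool:
    """True if the version falls in the range this note lists as affected."""
    v = parse_version(version)
    # Treat a bare major version (e.g. '3') as x.0 so the branch check works.
    branch = v[:2] if len(v) >= 2 else v + (0,)
    if branch == (3, 1):
        return True                      # every 3.1 release is affected
    if branch == (3, 2):
        padded = (v + (0, 0, 0))[:3]     # '3.2' compares as 3.2.0
        return padded < FIXED_VERSION    # 3.2.0 and 3.2.1 affected, 3.2.2+ fixed
    # Assumption: branches other than 3.1 and 3.2 are not listed by this note.
    return False


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, bool]]:
    """Annotate each (host, version) pair with its affected status."""
    return [(host, ver, is_affected(ver)) for host, ver in inventory]


if __name__ == "__main__":
    for host, ver, affected in triage(INVENTORY):
        print(f"{host:12} {ver:30} {'AFFECTED' if affected else 'ok'}")
```

Hosts flagged AFFECTED should be upgraded to 3.2.2 or later, or have IEV disabled in the meantime.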

Overview

A vulnerability has been reported in Cisco Security Manager that could allow a remote attacker to gain unauthorized access to the IPS Event Viewer (IEV) application.

Description

Cisco Security Manager is designed to configure firewall, VPN, and intrusion prevention security services on Cisco network and security devices. The Cisco IEV is installed by default as part of the Cisco Security Manager installation; it allows users to view and manage alerts for up to five sensors, including the ability to report top alerts, attackers, and victims over a specified number of hours or days.

When used with the Cisco IPS Event Viewer (IEV), the system opens ports on the Cisco Security Manager server and on the IEV client. A remote attacker could exploit this vulnerability to gain unauthorized access to the IEV database and server, enabling the attacker to add, delete, or modify the devices in the IEV.

Workaround

  • Disable the IEV application if it is not being used.

Solution

Upgrade to a fixed release (Cisco Security Manager 3.2.2 or later) as described in the Cisco Security Advisory.
http://www.cisco.com/warp/public/707/cisco-sa-20090121-csm.shtml

Vendor Information

Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20090121-csm.shtml

References

Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20090121-csm.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=17414

SecurityTracker
http://securitytracker.com/alerts/2009/Jan/1021619.html

SecurityFocus
http://www.securityfocus.com/bid/33381

CVE Name
CVE-2008-3820


Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003