CERTA-2005-AVI-320
Vulnerability from certfr_avis - Published: 2005-08-23 - Updated: 2005-08-23
Une vulnérabilité dans Cisco IDSMC et CiscoWorks Monitoring for Security permet à un utilisateur mal intentionné de porter atteinte à l'intégrité des données.
Description
CiscoWorks Management Center for IDS Sensors (IDSMC) est un logiciel permettant la configuration et la gestion des signatures pour les IDS (Intrusion Detection System) et les IPS (Intrusion Prevention System) Cisco. Monitoring Center for Security (Secmon), quant à lui, permet de collecter, visualiser et manipuler des événements envoyés par des équipements Cisco.
Une erreur dans la validation des certificats SSL (Secure Sockets Layer) de ces produits permet à un utilisateur mal intentionné du réseau local de substituer une machine arbitraire à un IDS ou à un IPS. Il peut alors envoyer de fausses données à IDSMC ou Secmon.
Solution
Se référer au bulletin de sécurité Cisco pour appliquer le correctif approprié (cf. Documentation).
None| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IDSMC version 2.0 et 2.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CiscoWorks Monitoring Center for Security (Security Monitor ou Secmon) de la version 1.1 \u00e0 la version 2.0 ainsi que la version 2.1.",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nCiscoWorks Management Center for IDS Sensors (IDSMC) est un logiciel\npermettant la configuration et la gestion des signatures pour les IDS\n(Intrusion Detection System) et les IPS (Intrusion Prevention System)\nCisco. Monitoring Center for Security (Secmon), quant \u00e0 lui, permet de\ncollecter, visualiser et manipuler des \u00e9v\u00e9nements envoy\u00e9s par des\n\u00e9quipements Cisco.\n\nUne erreur dans la validation des certificats SSL (Secure Sockets Layer)\nde ces produits permet \u00e0 un utilisateur mal intentionn\u00e9 du r\u00e9seau local\nde substituer une machine arbitraire \u00e0 un IDS ou \u00e0 un IPS. Il peut alors\nenvoyer de fausses donn\u00e9es \u00e0 IDSMC ou Secmon.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Cisco pour appliquer le correctif\nappropri\u00e9 (cf. Documentation).\n",
"cves": [],
"initial_release_date": "2005-08-23T00:00:00",
"last_revision_date": "2005-08-23T00:00:00",
"links": [],
"reference": "CERTA-2005-AVI-320",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-08-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans Cisco IDSMC et CiscoWorks Monitoring for Security\npermet \u00e0 un utilisateur mal intentionn\u00e9 de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Cisco IDS Management Software",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 66142 du 22 ao\u00fbt 2005",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050824-idsmc.shtml"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.