Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, August 26, 2005

Cisco sensor flaw

Cisco Systems has warned of a security flaw affecting two of its widely used security systems, IDSMC and Secmon.  The flaw involves SSL (Secure Sockets Layer) and affects CiscoWorks Management Center for IDS Sensors (IDSMC) as well as Monitoring Center for Security, also called Security Monitor or Secmon.

Cisco said in an advisory that an attacker could use the bug to pretend to be a legitimate Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS), and collect login credentials, submit false data to IDSMC and Secmon or filter what data the two products see.

Cisco also warned, as a separate matter, a bug in its Intrusion Prevention System (IPS) that could allow a local user to gain full administrator privileges.

Although the flaws aren’t highly serious, the fact that Cisco’s products are so widely used gives them more potential impact.

Cisco offered patching instructions for the flaws in its advisories.

Posted on 08/26