IPA/ISEC:Vulnerabilities:Security Alert for Vulnerability in Multiple Cisco Systems Products

May 29, 2009

The Information-technology Promotion Agency (IPA, Chairman Koji Nishigaki) announced a security alert on May 29, 2009 concerning a security vulnerability in multiple Cisco Systems products.
In the event of an attack, this vulnerability allows external attackers to access sensitive files.
If exploited, important files may be stolen or falsified, and the computer may come under the control of a malicious attacker.
To fix this vulnerability, update to the fixed version supplied by the vendor, or disable the TFTP service in “CiscoWorks Common Services”.

1.Overview

The “CiscoWorks Common Services” function for network management is built into several software products provided by Cisco Systems Inc. including “Cisco Security Manager”.

A security vulnerability known as directory traversal exists within “CiscoWorks Common Services”, which stems from a problem in the network file transfer service (TFTP(*1) service).

An attack that exploits this vulnerability may allow an arbitrary file on the computer to be accessed from an external source.
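
As an added illustration (not part of the IPA alert and not Cisco's code or fix), the example below shows the general containment check a TFTP server applies to the filename in a read request so that it cannot name a file outside the served directory. The packet layout follows RFC 1350; `TFTP_ROOT` and all function names are assumptions, and the alert does not describe the internals of the affected service.

```python
import posixpath
import struct

RRQ = 1                  # TFTP read-request opcode (RFC 1350)
TFTP_ROOT = "/srv/tftp"  # assumed served directory, not taken from the advisory

def parse_rrq(packet: bytes) -> tuple[str, str]:
    """Return (filename, mode) from an RRQ packet, or raise ValueError."""
    if len(packet) < 4 or struct.unpack("!H", packet[:2])[0] != RRQ:
        raise ValueError("not a read request")
    # Layout: opcode | filename | NUL | mode | NUL (options may follow)
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:
        raise ValueError("malformed read request")
    return fields[0].decode("ascii"), fields[1].decode("ascii").lower()

def resolve_under_root(root: str, requested: str) -> str:
    """Map a requested name to a path inside root, or raise PermissionError."""
    name = requested.replace("\\", "/")      # treat both separators alike
    if name.startswith("/") or ":" in name:  # absolute path or drive letter
        raise PermissionError(f"absolute path refused: {requested!r}")
    candidate = posixpath.normpath(posixpath.join(root, name))
    # Component-wise comparison, so /srv/tftp2 does not pass as /srv/tftp.
    if candidate == root or posixpath.commonpath([root, candidate]) != root:
        raise PermissionError(f"path not inside TFTP root: {requested!r}")
    # A real server should also resolve symlinks before this containment check.
    return candidate

def check_request(packet: bytes, root: str = TFTP_ROOT) -> tuple[bool, str]:
    """Decide whether to serve a request: (allowed, path or refusal reason)."""
    try:
        filename, _mode = parse_rrq(packet)
        return True, resolve_under_root(root, filename)
    except (ValueError, PermissionError) as exc:
        return False, str(exc)

def build_rrq(filename: str, mode: str = "octet") -> bytes:
    """Build a constructed RRQ packet for the samples below."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\x00" + mode.encode() + b"\x00"

if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for name in ["router.cfg", "configs/../router.cfg", "../../etc/passwd",
                 "..\\..\\boot.ini", "/etc/passwd", "a/../../tftp2/x"]:
        print(f"{name!r:28} -> {check_request(build_rrq(name))}")
```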

For detailed information, refer to the URL below:
http://www.cisco.com/warp/public/707/cisco-sa-20090520-cw.shtml

For the latest information, refer to the URL below:
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000032.html

The IPA first received a report concerning this vulnerability from the person credited below on October 28, 2008. In line with the Information Security Early Warning Partnership, the JPCERT Coordination Center (JPCERT/CC) coordinated with the vendor and made the announcement public on May 29, 2009.
Credit: Jun Okada, NTT Data Security Corporation

2.Impact

In the event of an attack from an external source, there is a possibility that files within the computer may be accessed.

With access to these files, important information within the computer may be stolen or falsified, and a malicious attacker may also obtain control of the computer itself.

3.Solution

To fix this vulnerability, update to the fixed version supplied by the vendor, or disable the TFTP service in “CiscoWorks Common Services”.

4.CVSS Severity

(1)Evaluation Result

Severity Rating (CVSS base score): □ Low (0.0~3.9)  □ Medium (4.0~6.9)  ■ High (7.0~10.0)
CVSS base score: 10.0

(2) Base Score Metrics

AV:Access Vector □ Local □ Adjacent Network ■ Network
AC:Access Complexity □ High □ Medium ■ Low
Au:Authentication □ Multiple □ Single ■ None
C:Confidentiality Impact □ None □ Partial ■ Complete
I:Integrity Impact □ None □ Partial ■ Complete
A:Availability Impact □ None □ Partial ■ Complete

■:Selected Values

5.CWE Type

Footnote

 (*1)Trivial File Transfer Protocol. Protocol for transfer of files between computers via networks.

Contact

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)