-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2012-0022

Title: Cisco Small Business SRP 500 Series Multiple Vulnerabilities [1]

Version history:
27.02.2012 Initial publication

Summary
=======

Several vulnerabilities have been fixed in Cisco Small Business (SRP 500)
Series Services Ready Platforms.

CVSS Base Score (most severe vulnerability)
CVSS v2 Base Score: 9 (CRITICAL) (AV:N/AC:L/Au:S/C:C/I:C/A:C) [3]

Affected Versions
=================

The following Cisco SRP 520 Series models are affected if running firmware
prior to version 1.1.26:

* Cisco SRP 521W
* Cisco SRP 526W
* Cisco SRP 527W

The following Cisco SRP 520W-U Series models are affected if running firmware
prior to version 1.2.4:

* Cisco SRP 521W-U
* Cisco SRP 526W-U
* Cisco SRP 527W-U

The following Cisco SRP 540 Series models are affected if running firmware
prior to version 1.2.4:

* Cisco SRP 541W
* Cisco SRP 546W
* Cisco SRP 547W

Original Details
================

Cisco Small Business (SRP 500) Series Services Ready Platforms contain the
following three vulnerabilities:

* Cisco SRP 500 Series Web Interface Command Injection Vulnerability
* Cisco SRP 500 Series Unauthenticated Configuration Upload Vulnerability
* Cisco SRP 500 Series Directory Traversal Vulnerability

These vulnerabilities can be exploited using sessions to the Services Ready
Platform Configuration Utility web interface. In the default configuration
they can be exploited from the local LAN side of the SRP device, and from the
WAN side of the SRP device if remote management is enabled. Remote management
is disabled by default.

More details are provided in the Cisco advisory [1].

What can you do?
================

Deploy the updated versions of the software [2].

Workarounds:

The Cisco SRP 500 Series devices are designed as CPE devices, and only
disabling access from the outside network will prevent exploitation from
remote networks.
The following mitigations help limit exposure to this vulnerability:

* Disable Remote Management

  (Caution: Do not disable remote management if administrators manage devices
  using the WAN connection. This action will result in a loss of management
  connectivity to the device.)

  Remote Management is disabled by default. If it is enabled, administrators
  can disable this feature by choosing Administration > Web Access Management.
  Change the setting for the Remote Management field to Disabled. Disabling
  remote management limits exposure because the vulnerability can then be
  exploited from the inter-LAN network only.

* Limit Remote Management Access to Specific IP Addresses

  If remote management is required, secure the device so that it can be
  accessed by certain IP addresses only, rather than the default setting of
  All IP Addresses. After choosing Administration > Web Access Management, an
  administrator can change the Allowed Remote IP Address setting to ensure
  that only devices with specified IP addresses can access the device.

What to tell your users?
========================

N/A

More information
================

[1] CISCO
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120223-srp500
[2] CISCO Software Download
    http://www.cisco.com/cisco/software/find.html?q=nx-os
[3] Information about CVSS:
    http://www.first.org/cvss/cvss-guide.html

Best regards,
CERT-EU

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its
setup phase, until May 2012. Services are provided in a pilot fashion, and are
not yet fully functional. Announcements, alerts and warnings are sent out in
best effort manner, and to contact information currently known to us.
We apologise if you are not the correct recipient, or if you had already been
warned about this issue from another source. Format, content and way of
alerting are subject to change in the future. Contact information or even the
team name may change as well.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

-----END PGP SIGNATURE-----
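
Added example, not part of the CERT-EU or Cisco advisory: a small triage script that checks an asset inventory against the firmware thresholds in the "Affected Versions" section. The function names, the inventory layout, the hostnames and the firmware string format are assumptions made for illustration.

```python
import re

# First fixed firmware per model family, from the advisory's "Affected Versions" section.
FIXED = {
    ("52", False): (1, 1, 26),  # SRP 521W / 526W / 527W
    ("52", True): (1, 2, 4),    # SRP 521W-U / 526W-U / 527W-U
    ("54", False): (1, 2, 4),   # SRP 541W / 546W / 547W
}
MODEL_RE = re.compile(r"SRP\s*-?\s*(5[24])([167])W(-U)?$", re.IGNORECASE)

def fixed_version(model):
    """Return the first fixed firmware for a model string, or None if not listed."""
    m = MODEL_RE.search(model.strip())
    return FIXED.get((m.group(1), bool(m.group(3)))) if m else None

def parse_version(text):
    """Parse the leading dotted numeric part of a firmware string, e.g. '1.01.19 (002)'."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad '1.2' to (1, 2, 0)

def triage(inventory):
    """Return (host, status): AFFECTED, FIXED, NOT_LISTED or UNKNOWN_VERSION."""
    results = []
    for host, model, firmware in inventory:
        fixed = fixed_version(model)
        if fixed is None:
            status = "NOT_LISTED"
        else:
            try:
                status = "AFFECTED" if parse_version(firmware) < fixed else "FIXED"
            except ValueError:
                status = "UNKNOWN_VERSION"  # review by hand, do not assume patched
        results.append((host, status))
    return results

# Constructed sample inventory: hostnames and firmware strings are made up.
SAMPLE = [
    ("cpe-01", "Cisco SRP 527W", "1.01.19 (002)"),
    ("cpe-02", "SRP527W-U", "1.2.4"),
    ("cpe-03", "Cisco SRP 541W", "1.2.1"),
    ("cpe-04", "Other-vendor CPE", "4.2.3"),
    ("cpe-05", "Cisco SRP 546W", "unknown"),
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Devices reported as AFFECTED or UNKNOWN_VERSION are the ones to check for the Remote Management setting described in the workarounds while the firmware update is scheduled.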