-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0086 Title: Several Vulnerabilities and Security Notices in multiple Cisco products Version history: 21.10.2013 Initial publication Summary ======= A vulnerability in the fabric interconnect of Cisco Unified Computing System could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by executing certain commands with specific parameters. A successful exploit could allow the attacker to write directly to hardware components, causing a DoS condition on the system. [1] A vulnerability in the firewall modules of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to cause certain internal processes to crash. The vulnerability is due to improper implementation of the firewall rule to limit incoming packets. An attacker could exploit this vulnerability by flooding the affected service with crafted packets. An exploit could allow the attacker to render some processes nonoperational, resulting in a denial of service (DoS) condition [2] Multiple Cisco products include an implementation of Apache Struts 2 component that is affected by a remote command execution vulnerability. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000. Cisco Business Edition 3000 should contact their Cisco representative for available options. [3] Cisco IOS XR Software contains a vulnerability when handling fragmented packets that may result in a denial of service condition of the Cisco CRS Route Processor cards listed under "Affected Products". The vulnerability affects IOS XR Software versions 3.3.0 to 4.2.0. The vulnerability is a result of improper handing of fragmented packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Customers that are running version 4.2.1 or later of Cisco IOS XR Software, or that have previously installed the SMU for CSCtz62593 are not affected by this vulnerability. [4] Cisco Identity Services Engine (ISE) contains the following vulnerabilities: Cisco ISE Authenticated Arbitrary Command Execution Vulnerability Cisco ISE Support Information Download Authentication Bypass Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the other. Successful exploitation of Cisco ISE Authenticated Arbitrary Command Execution Vulnerability may allow an authenticated remote attacker to execute arbitrary code on the underlying operating system. Successful exploitation of Cisco ISE Support Information Download Authentication Bypass Vulnerability could allow an attacker to obtain sensitive information including administrative credentials. [5] A vulnerability in the GUI function in the web framework code could allow an unauthenticated, remote attacker to cause the GlassFish process to become unresponsive, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improper handling, processing, and termination of HTTP and HTTPS connections. An attacker could exploit this vulnerability by sending multiple HTTP or HTTPS requests to any management-enabled interfaces of the affected system. A full TCP three-way handshake is required to exploit this vulnerability. An exploit could allow the attacker to prevent management access via the GUI. A hard reboot of the affected system is needed to restore full functionality. [6] Vulnerable systems ================== Cisco Unified Computing System (Managed) [1] Cisco Secure Access Control System (ACS) [2] Cisco Apache Struts 2 Component [3] Cisco IOS XR [4] Cisco Identity Services Engine (ISE) [5] Cisco Web Security Appliance (WSA) Cisco Email Security Appliance (ESA) Cisco Content Security Management Appliance (SMA) [6] What can you do? ================ Customers who wish to upgrade to a software version that includes fixes for these issues should contact their normal support channels. Free software updates will not be provided for issues that are disclosed through a Cisco Security Notice. What to tell your users? ======================== N/A More information ================ [1] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5550 [2] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5536 [3] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2 [4] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iosxr [5] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise [6] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5537 Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJSYUMuAAoJEPpzpNLI8SVobkQP/RSquXEIu9vsai1ujQEH9KRu QsmdRZPXwNOZ4RBOT3MEPfPG1afO9799B47r+ChjXBufZUO3SQtDv2zDeLl6Bc6m g4mtH/tPKc8hLBT19f+WZrBtDl+YfIKu7deWFzxvt3lAzzCGxJKWLX+p1ihk6Yci u9iD6vXcv6hJLFcX77MT7Af+Mkw6iWhxNJTAwGJOd8OQSJYQIPuKjrV5XGooiRSN X1cCbTe5grTK+HBqqZeXB8yvX0ThDno3dEzHcQWpTiBlPLI+nJDumY3B5k++oUU5 nPSMZLcccBk3FezXS07lXLAaOnTHe9C+xTT7j3mB5B/L7Gm1oHuz4bgo0vNNqOFt Y6Lw3yug1vLkciaEwEepCzRXgoxsNmoFedJAkLVYw1F9ZFkYvfIBeTg1sE6hCaxw /Kx7vMbTMXXYw4frTsu18E/HHJlDbRhAs+QYY9fOlWpfvhgzuGdBBzducTmkG2ZM ZlQbMJPHixxmxddu+Z+EOKCSoimQp1GX3e9pMhQ74FFCXkn9EH2OBeznXFpBR2Rz p0AVmyaJgEc+43KlzN8K5o2O9k9Cg/EUc7AAXtRyYD5MQ8r7cZNq2ac9wqfAdjOJ br6BEUbh5WQD1AV/Zh7JMS5xffHcbsKPx4NHsFP5/ljB2s9EsIbq70ifKvlJ9GWQ UIClMzzeFAQ4qICy4uVF =nO8k -----END PGP SIGNATURE-----