Cisco has recently addressed several security vulnerabilities in the Cisco Security Monitoring, Analysis and Response System (CS-MARS) application.
According to the developers, these security flaws could be exploited by hackers remotely to gain unauthorized access to sensitive devices.
The CS-MARS application monitors security issues on network devices by checking the configurations of routers and switches. Additionally, this application allows businesses to assess the security level of their network infrastructure by comparing it against a list of known vulnerabilities.
The security flaws Cisco has just patched affect only CS-MARS versions 4.2.1 or older.
Cisco has released a patch to rectify the aforementioned vulnerabilities. Users can download it from the company’s website.
Cause
The web server application JBoss within CS-MARS is the source of the mentioned security vulnerabilities. Hackers can exploit this application to remotely log in and send HTTP requests to CS-MARS, allowing them to execute commands with administrative privileges.
Yesterday (July 19), security researcher Jon Hart published, through Full-Disclosure, code demonstrating that the JBoss vulnerability can be exploited. In his article, the security expert noted that JBoss version 3.2.7 has a security flaw in the JMX Console interface that allows hackers to view microkernel information of the JBoss server application.
Meanwhile, another security vulnerability exists in the Oracle database that accompanies CS-MARS, which can be used to store network information as well as credentials for firewalls, routers, or IPS devices. The Oracle database contains several default login accounts with widely known passwords, which allows hackers to easily extract information from the database and use it to attack network devices.
Nevertheless, the CS-MARS application does not use the default Oracle database accounts and has patched the security flaw to prevent unauthorized access to the database. Those accounts have been disabled.
In addition, some other security vulnerabilities in the CS-MARS command-line interface can also allow administrators to execute binary code with root-level privileges.
However, security firm Symantec does not rate these vulnerabilities highly. Symantec only ranks them at level 10 on a scale of 10 for evaluating the severity of security flaws.
Hoang Dung