Cisco warns 2 serious security errors

Cisco Systems has just released a newsletter warning users about two serious security flaws in Cisco NAC Appliance network control device.

Information from the manufacturer indicates that these two security flaws can be exploited by hackers to gain control over a device that makes a mistake or steals sensitive information such as a login password .

Cisco NAC Appliance - also known as Cisco Clean Access (CCA) - is the device responsible for confirming peripherals that require connection to the network of the enterprise that meets the requirements. Privacy Policy.

The first error

Picture 1 of Cisco warns 2 serious security errors The first security error is named " Unchangeable Shared Secret ". This error stems from the fact that Shared Secret data is not set up or changed properly during device installation. In other words, Shared Secret data is the same on every device.

Shared Secret is the data that allows Clean Access Manager (CAM) to send authentication certificates to the device to Clean Access Server (CAS).

To successfully exploit the " Unchangeable Shared Secret " error, hackers must establish a TCP connection to CAS. If successful, the hacker will gain administrator-level control to any CAS.

CCA versions have a " Unchangeable Shared Secret " error that includes versions 3.6.x to 3.6.4.2 and version 4.0.x to 4.0.3.2.

Users are advised to upgrade to version 3.6.4.3, 4.0.4 and 4.1.0 or visit the Cisco website to download the patch called Patch-CSCsg24153.tar.gz. Note that only customers who have signed up for the Cisco Service Agreement can access the download patches.

The second error

The second security error is named " Readable Snapshots ". With this error, hackers can use brute-force attack to download the backup database - also known as snapshots - on CAM without the need for authorization. Meanwhile, those backup files are not encrypted or protected by any solution.

More dangerous than those snapshot files contain information that can assist hackers in attacking CAS or used to hijack CAM.

The error versions include CCA version 3.5.x to 3.5.9 and 3.6.x version to 3.6.1.1. Users are advised to upgrade to version 3.5.10 and 3.6.2.

Currently Cisco has not released an update of snapshot patch. However, the manufacturer recommends that users move the snapshot files out of the device immediately after performing a backup.

The group that reacts quickly to Cisco's security situations claims that until now, there has not been any code that exploits the bug that could attack the two flaws spread to the Internet.

Hoang Dung