Aussie researchers discover Cisco vulnerabilities

Australian IT security consultancy Assurance.com.au claims it has taken Cisco almost three months to patch two vulnerabilities which affect the security of several of its products.

Assurance director, Adam Pointon, says researchers from the company discovered the vulnerabilities when testing a Cisco Wireless LAN Solution Engine at a customer site on January 29.

He said the flaws were reported the problems at the time of discovery, yet Cisco had rectified them as at 1am this morning.

“It did take a while [for a fix],” Pointon said, conceding that Cisco did respond straight away to Assurance's alert to the company on January 29.

Of the two vulnerabilities, he said the most serious was the “show command line interface" vulnerability, which would allow a rogue administrator of a Cisco device to “break out” of Cisco’s restricted management interface and gain privileged access to the underlying Linux-based operating system.

“It’s possible for a rogue administrator to access the underlying operating system by typing one specifically crafted command into Cisco’s restricted, text-based management interface,” Pointon said.

Products affected include the Cisco Wireless Lan Solution Engine (WLSE), Cisco User Registration Tool (URT), CiscoWorks2000 Service Management Solution (SMS), Cisco Hosting Solution Engine (HSE), Ethernet Subscriber Solution Engine (ESSE), Cisco VLAN Policy Server (VPS) and Cisco Management Engine (ME1100 Series) and CiscoWorks Service Level Manager (SLM).

Cisco advised Assurance that the ESSE and SMS carrier-class products were “end of life” and would not be patched, Pointon said. Customers using these products would need to request a fix through customer support.

Neal Wise, another director at Assurance, added that companies needed to understand that devices installed on their networks could provide more than their designed functions if compromised by an attacker.

“If they are not correctly maintained they could become a serious liability to the enterprise,” he said. “They need to be kept as secure as any other network attached computer.”

Assurance also found problems in March last year in an anti-spam and firewall manufactured by Barracuda Networks, Pointon said. This fix took 29 days to be produced.

Cisco’s response to the finding is posted here:

http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml#response.