Cisco SSL/TLS Certificate and SSH Public Key Validation Vulnerability

Bugtraq ID:	22111
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 18 2007 12:00AM
Updated:	Jan 18 2007 08:10PM
Credit:	Jan Bervar of NIL Data Communications is credited with the discovery of this vulnerability.
Vulnerable:	Nortel Networks Contivity 2000 VPN Switch 4.1.3 Nortel Networks Contivity 2000 VPN Switch 4.1.2 Nortel Networks Contivity 2000 VPN Switch 4.1 Cisco CS-MARS 4.2.2 Cisco CS-MARS 4.2.1 Cisco CS-MARS 4.1.5 Cisco ASDM 5.0
Not Vulnerable:	Cisco CS-MARS 4.2.3 Cisco ASDM 5.2

Cisco SSL/TLS Certificate and SSH Public Key Validation Vulnerability

Cisco Security Monitoring and Response System (CS-MARS) and Adaptive Security Device Manager (ASDM) are prone to a vulnerability regarding validating SSL/TLS certificates and SSH public keys.

An attacker could exploit this issue to retrieve potentially sensitive information or to impersonate a managed device.

This issue is tracked by Cisco Bug IDs CSCsf95930 and CSCsg78595.

Cisco SSL/TLS Certificate and SSH Public Key Validation Vulnerability

To exploit this issue, attackers require access to a network using the vulnerable applications.

Cisco SSL/TLS Certificate and SSH Public Key Validation Vulnerability

Solution:
Fixes are available. Please see the referenced Cisco advisory for details.

Cisco SSL/TLS Certificate and SSH Public Key Validation Vulnerability

References:

• Cisco Adaptive Security Device Manager Homepage (Cisco)
  
• Cisco Security Monitoring, Analysis and Response System Homepage (Cisco)
  
• Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulne (Cisco)
  
• Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulne (Cisco)