A vulnerability in Cisco's security monitors could let attackers spoof the network giant's intrusion detection software and sensors, gain access to legitimate log-in credentials, and submit fake data to, for instance, hide an ongoing attack, the company revealed Monday in multiple security advisories.
Patches for the flaws are available to Cisco customers.
A SSL certificate-checking bug in CiscoWorks Management Center for IDS Sensors (IDSMC) and Monitoring Center for Security (Secmon) could let an attacker spoof an IDS system and gain access to sensitive data, said Cisco. SSL certificates are used to secure and authenticate Cisco devices, such as intrusion detection and intrusion prevention sensors as they communicate with each other.
"If exploited, the attacker may be able to gather log-in credentials, submit false data to IDSMC and Secmon or filter legitimate data from IDSMC and Secmon, thus impacting the integrity of the device and the reporting capabilities of it," said Cisco in one advisory posted Monday.
Another vulnerability in Cisco's Intrusion Prevention System (IPS) could give a user with limited access privileges full control of a device instead, the San Jose, Calif.-developer and manufacturer said in a separate advisory.