Cisco Patches IDS Software, Sensors Against Spoofing

A vulnerability in Cisco's security monitors could let attackers spoof the network giant's intrusion detection software and sensors, gain access to legitimate log-in credentials, and submit fake data to, for instance, hide an ongoing attack, the company revealed Monday in multiple security advisories.

Patches for the flaws are available to Cisco customers.

A SSL certificate-checking bug in CiscoWorks Management Center for IDS Sensors (IDSMC) and Monitoring Center for Security (Secmon) could let an attacker spoof an IDS system and gain access to sensitive data, said Cisco. SSL certificates are used to secure and authenticate Cisco devices, such as intrusion detection and intrusion prevention sensors as they communicate with each other.

"If exploited, the attacker may be able to gather log-in credentials, submit false data to IDSMC and Secmon or filter legitimate data from IDSMC and Secmon, thus impacting the integrity of the device and the reporting capabilities of it," said Cisco in one advisory posted Monday.

Another vulnerability in Cisco's Intrusion Prevention System (IPS) could give a user with limited access privileges full control of a device instead, the San Jose, Calif.-developer and manufacturer said in a separate advisory.An user with OPERATOR or VIEWER privileges could exploit a bug in the command line processing logic to obtain full administrator rights to the IPS device, Cisco said.

Vulnerability aggregator Secunia rated the Cisco bugs as "less critical," its second-from-the-bottom threat ranking.

Add Cisco to the lengthening list of security vendors whose products sport vulnerabilities. Since the first of the year, most major security firms have been hit with bugs, including Symantec, Computer Associates, and McAfee.