Vendor: Cisco
Product web page: http://www.cisco.com
Affected version: Cisco Ironport WSA - AsyncOS 8.0.5 for Web build 075
Date: 22/05/2014
Credits: Glafkos Charalambous
CVE: CVE-2011-4862
CVSS Score: 7.6
Impact: Unauthenticated Remote Code Execution with elevated privileges
Description: The Cisco Ironport WSA virtual appliances are vulnerable to an old FreeBSD telnetd encryption Key ID buffer overflow which allows remote attackers to execute arbitrary code (CVE-2011-4862).
Cisco WSA Virtual appliances have the vulnerable telnetd daemon enabled by default.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
http://www.freebsd.org/security/advisories/FreeBSD-SA-11:08.telnetd.asc
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport
Nice work by Glafkos, but what you can't see is me shaking my head. *sigh*
I'll repeat the facepalm-inspiring statement again: "Cisco WSA Virtual appliances have the vulnerable telnetd daemon enabled by default."
Still, with the telnets? And on by default?
From the related FreeBSD advisory:
"The FreeBSD telnet daemon, telnetd(8), implements the server side of the
TELNET virtual terminal protocol. It has been disabled by default in
FreeBSD since August 2001, and due to the lack of cryptographic security
in the TELNET protocol, it is strongly recommended that the SSH protocol
be used instead."
See if this sums it up for you, courtesy of Glafkos:
Trying 192.168.0.160...
Connected to 192.168.0.160.
Escape character is '^]'.
[+] Exploiting 192.168.0.160, telnetd rulez!
[+] Target OS - FreeBSD 8.2 amd64
[*] Enjoy your shell
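For checking your own appliances, the following added example (not part of the advisory, of Glafkos's work, or of any Cisco tooling) parses the option negotiation a telnet service sends on connect and reports whether it offers the TELNET ENCRYPT option, the feature whose key ID handling CVE-2011-4862 concerns. The sample captures are constructed, and the code assumes that an ENCRYPT offer only shows the encryption code is reachable, not that the build is unpatched.

```python
import socket

# Added example: defensive audit helper, not code from the advisory.
IAC, SB, SE = 255, 250, 240
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
ENCRYPT = 38  # TELNET ENCRYPT option number (RFC 2946)

# Constructed sample captures (not taken from a real appliance).
CAPTURE_ENCRYPT = bytes([255, 253, 37, 255, 251, 38, 255, 253, 38, 255, 253, 24]) + b"login: "
CAPTURE_PLAIN = bytes([255, 253, 24, 255, 251, 1, 255, 251, 3]) + b"login: "


def parse_negotiation(data: bytes):
    """Return (verb, option) pairs found in a server's opening TELNET bytes."""
    out, i, n = [], 0, len(data)
    while i < n:
        if data[i] != IAC:
            i += 1  # ordinary data such as the login banner
        elif i + 1 >= n:
            break  # capture ends in the middle of a command
        elif data[i + 1] in VERBS:
            if i + 2 < n:
                out.append((VERBS[data[i + 1]], data[i + 2]))
            i += 3
        elif data[i + 1] == SB:
            # Skip the subnegotiation body up to IAC SE; IAC IAC inside it is an escaped 0xFF.
            j = i + 2
            while j + 1 < n and not (data[j] == IAC and data[j + 1] == SE):
                j += 2 if data[j] == IAC else 1
            i = j + 2
        else:
            i += 2  # other two-byte command, or IAC IAC in the data stream
    return out


def offers_encrypt(data: bytes) -> bool:
    """True if the server sent WILL or DO for the ENCRYPT option."""
    return any(v in ("WILL", "DO") and opt == ENCRYPT for v, opt in parse_negotiation(data))


def read_opening(host: str, port: int = 23, timeout: float = 5.0) -> bytes:
    """Read the first bytes a telnet service sends (for hosts you administer)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(1024)


if __name__ == "__main__":
    for name, cap in (("encrypt", CAPTURE_ENCRYPT), ("plain", CAPTURE_PLAIN)):
        print(name, parse_negotiation(cap), offers_encrypt(cap))
```

Any host in your inventory that answers on port 23 at all is already a finding under the FreeBSD recommendation quoted above; the ENCRYPT check only helps prioritise which ones to patch or shut off first.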