CiscoZine

May 2013: two Cisco vulnerabilities

Fabio Semperboni — Wed, 05 Jun 2013 13:41:02 +0000

The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system. Vulnerable Products Cisco TelePresence Supervisor MSE 8050 running software versions 2.2(1.17) and earlier are affected by this vulnerability. Details A vulnerability in the network stack of the Cisco TelePresence MSE 8050 Supervisor [...]

Reload in X? Why don’t you rollback or replace the configuration?

Fabio Semperboni — Tue, 14 May 2013 10:33:02 +0000

Do you remember the article ‘How to schedule a reload‘? This feature (reload in ‘x’) is useful when you must apply a critical configuration on a remote device, for instance new route or new acl. In fact, if you happen to lose connection to device after a change, you must wait the device reload to reconnect to it. This can be a solution but there is a better solution: the replace/roolback feature. Introduced in 12.3(7)T IOS, the Configuration Replace and Configuration Rollback features provide the capability to replace the current running configuration with any saved Cisco IOS configuration file. This [...]

Using IP SLA to change routing

Fabio Semperboni — Wed, 08 May 2013 20:32:25 +0000

Cisco IP SLAs is a part of Cisco IOS that allows Cisco customers to analyze IP service levels for IP applications and services by using active traffic monitoring for measuring network performance. With Cisco IOS IP SLAs, service provider customers can measure and provide service level agreements, and enterprise customers can verify service levels, verify outsourced service level agreements, and understand network performance. Cisco IOS IP SLAs can perform network assessments, verify quality of service (QoS), ease the deployment of new services, and assist with network troubleshooting. IP SLAs collects a unique subset of these performance metrics: Delay (both round-trip [...]

April 2013: ten Cisco vulnerabilities

Fabio Semperboni — Thu, 02 May 2013 12:34:25 +0000

The Cisco Product Security Incident Response Team (PSIRT) has published ten important vulnerability advisories: Multiple Vulnerabilities in Cisco NX-OS-Based Products Cisco Device Manager Command Execution Vulnerability Multiple Vulnerabilities in Cisco Unified Computing System Cisco Network Admission Control Manager SQL Injection Vulnerability Cisco TelePresence Infrastructure Denial of Service Vulnerability Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers Multiple Vulnerabilities in Cisco Firewall Services Module Software Multiple Vulnerabilities in Cisco ASA Software Cisco Prime Network Control Systems Database Default Credentials Vulnerability Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution Multiple Vulnerabilities in Cisco NX-OS-Based Products Cisco Nexus, Cisco [...]

PBR: Route a packet based on source IP address

Fabio Semperboni — Tue, 23 Apr 2013 11:48:25 +0000

Everyone knows that the routing table lists the routes to particular network destinations, but is it possible define the next-hop based on source ip, packet size or other criteria? Obviously yes! Policy-based routing (PBR) provides a tool for forwarding and routing data packets based on policies defined by network administrators. In effect, it is a way to have the policy override routing protocol decisions. Policy-based routing includes a mechanism for selectively applying policies based on access list, packet size or other criteria. The actions taken can include routing packets on user-defined routes, setting the precedence, type of service bits, etc. Policy-based routing [...]

March 2013: seven Cisco vulnerabilities

Fabio Semperboni — Fri, 12 Apr 2013 10:52:43 +0000

The Cisco Product Security Incident Response Team (PSIRT) has published seven important vulnerability advisories: Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability Cisco IOS Software IP Service Level Agreement Vulnerability Cisco IOS Software Smart Install Denial of Service Vulnerability Cisco IOS Software Protocol Translation Vulnerability Cisco IOS Software Network Address Translation Vulnerability Cisco IOS Software Internet Key Exchange Vulnerability Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability Cisco IOS Software contains a memory leak vulnerability that could be [...]

Cisco Video Surveillance Operations Manager 6.3.2 – Multiple vulnerabilities

Fabio Semperboni — Tue, 09 Apr 2013 07:44:55 +0000

Part of the Cisco Video Surveillance Manager product suite, the Cisco Video Surveillance Operations Manager enables the efficient and effective configuration and management of video throughout an enterprise. It provides a secure web portal to configure, manage, display, and control video in an IP network, and provides the ability to easily manage a large number of security assets and users, including media server instances, cameras, encoders, and event sources, as well as digital monitors. # Exploit Title:Cisco Video Surveillance Operations Manager Multiple vulnerabilities # Google Dork: intitle:"Video Surveillance Operations Manager > Login" # Date: 22 Feb 2013 reported to the [...]

February 2013: four Cisco vulnerabilities

Fabio Semperboni — Mon, 04 Mar 2013 19:02:02 +0000

The Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories: Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability Cisco Unified Presence Server Denial of Service Vulnerability Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could cause an interruption of voice services. Vulnerable Products The following products are [...]

NAT Virtual Interface aka NVI, what is that?!

Fabio Semperboni — Thu, 28 Feb 2013 14:29:38 +0000

Not everyone knows that from IOS version 12.3(14)T, Cisco has introduced a new feature called NAT Virtual Interface; NVI removes the requirements to configure an interface as either NAT inside or NAT outside. An interface can be configured to use NAT or not use NAT. How to use NVI? It’s easy! You must use the command ‘ip nat source …’ without specifying the inside/outside tag and enable the nat to the interfaces using the command ‘ip nat enable’. For instance, if you use legacy statement: Ciscozine(config)#interface range fastEthernet 0/0 Ciscozine(config-if-range)#ip nat inside Ciscozine(config)#interface range fastEthernet 0/1 Ciscozine(config-if-range)#ip nat outside Ciscozine(config)#ip nat inside source static 172.16.0.6 [...]

Cisco Unity Express Multiple Vulnerabilities

Fabio Semperboni — Fri, 22 Feb 2013 09:12:53 +0000

The Cisco Unity Express software contains two important vulnerabilities: CVE ID: CVE-2013-1114: Cisco Unity Express software prior to version 8.0 contains vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross site scripting attacks. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted requests. However, all affected versions of the software have reached End of Software Maintenance or Last Day of Support. CVE ID: CVE-2013-1120: Cisco Unity Express software prior to version 8.0 contains vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross site request forgery attacks. The vulnerabilities are due [...]

Using route maps for conditional NAT

Fabio Semperboni — Wed, 20 Feb 2013 11:16:01 +0000

As explained in a previous article, NAT is the process of modifying IP address information in IP packet headers, while route maps are mainly used to redistribute and manipulate routes (OSPF, BGP, EIGRP, and so on). The question is obvious… What is the relationship between these two features? Static NAT configuration with the route-map option can be used to implement destination-based NAT scenarios where the same inside local address needs to be translated to more than one inside global address, depending on where the traffic is destined. How to define the conditional NAT? See you below: Suppose that for several reasons (overlapping, [...]

NAT and PAT: a complete explanation

Fabio Semperboni — Sat, 16 Feb 2013 14:22:22 +0000

Network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device. There are two different types of NAT: NAT Static NAT: The simplest type of NAT provides a one-to-one translation of IP addresses. It is often also referred to as one-to-one NAT. In this type of NAT only the IP addresses, IP header checksum and any higher level checksums that include the IP address need to be changed. The rest of the packet can be left untouched (at least for basic TCP/UDP functionality, some higher level protocols may [...]

January 2013: five Cisco vulnerabilities

Fabio Semperboni — Tue, 12 Feb 2013 12:05:14 +0000

The Cisco Product Security Incident Response Team (PSIRT) has published five important vulnerability advisories: Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities Multiple Vulnerabilities in Cisco Wireless LAN Controllers Cisco ASA 1000V Cloud Firewall H.323 Inspection Denial of Service Vulnerability Cisco Prime LAN Management Solution Command Execution Vulnerability Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities The Portable Software Developer Kit (SDK) for Universal Plug-n-Play (UPnP) Devices contains a libupnp library, originally known as the Intel SDK for UPnP Devices, which is vulnerable to multiple stack-based buffer [...]

November 2012: two Cisco vulnerabilities

Fabio Semperboni — Thu, 13 Dec 2012 11:59:52 +0000

The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories: Cisco IronPort Appliances Sophos Anti-Virus Vulnerabilities Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability Cisco IronPort Appliances Sophos Anti-Virus Vulnerabilities Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Web Security Appliances (WSA) include versions of Sophos Anti-Virus that contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to gain control of the system, escalate privileges, or cause a denial-of-service (DoS) condition. An attacker could exploit these vulnerabilities by sending malformed files to an appliance that is running Sophos Anti-Virus. The malformed files could [...]

Switchport capture: a good alternative to SPAN port

Fabio Semperboni — Tue, 27 Nov 2012 13:00:12 +0000

Do you remember the article “How to analyze traffic with SPAN feature“? The SPAN port is a feature that mirror traffic (on physical or virtual port) to a specific port. In general, behind this ‘destination’ port can be a traffic analyzer (wireshark, ntop and so on…), an IDS or other appliances. The SPAN feature is a good tool but it has two limitations: The number of SPAN sessions that can be configured is limited. A destination port receives copies of sent and received traffic for all monitored source ports. If a destination port is oversubscribed, it can become congested. This [...]

Cisco DPC2100 Denial of Service

Fabio Semperboni — Fri, 16 Nov 2012 10:56:24 +0000

Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426. Solution: Upgrade to the version specified in the vendor advisory or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. Vulnerability (Only for test): # Exploit Title: Cisco DPC2100 Denial of Service # Date: 09/01/2010 # Author: Daniel Smith # Software Link: http://www.cisco.com/ # Version: HW:2.1/SW:v2.0.2r1256-060303 # Tested on: OSX [...]

Cisco Linksys PlayerPT ActiveX Control Buffer Overflow

Fabio Semperboni — Thu, 15 Nov 2012 08:12:26 +0000

Cisco Linksys PlayerPT ActiveX is prone to an overflow condition. The SetSource() function fails to properly sanitize user-supplied input resulting in a stack based buffer overflow. With a specially crafted argument, a remote attacker can potentially cause execution of arbitrary code. Solution: Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to correct the flaw by implementing the following workaround: set the kill-bit on the PlayerPT.ocx ActiveX Control [ {9E065E4A-BD9D-4547-8F90-985DC62A5591} ]. See Microsoft KB article 240797 for additional details. Vulnerability (Only for test): ## # This file is part of the Metasploit Framework and [...]

October 2012: five Cisco vulnerabilities

Fabio Semperboni — Mon, 12 Nov 2012 13:06:44 +0000

The Cisco Product Security Incident Response Team (PSIRT) has published five important vulnerability advisories: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Multiple Vulnerabilities in Cisco Firewall Services Module Multiple Vulnerabilities in the Cisco WebEx Recording Format Player Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module [...]

September 2012: eleven Cisco vulnerabilities

Fabio Semperboni — Thu, 18 Oct 2012 18:43:57 +0000

The Cisco Product Security Incident Response Team (PSIRT) has published eleven important vulnerability advisories: Cisco IOS Software Network Address Translation Vulnerabilities Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability Cisco IOS Software DHCP Denial of Service Vulnerability Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability Cisco IOS Software Malformed Border Gateway [...]

WhoisUP – Is your host up or down?

Fabio Semperboni — Tue, 18 Sep 2012 10:46:20 +0000

During last months, I have not written tutorial about Cisco technology because I have dedicated my free time to write my personal script to monitor hosts, router and so on. Why write a new script and not use a pre-existent script/software? The reasons are different, but in particular three: Surfing the web, I have found software that check hosts with a minute delay (they use crontab…), but in my case I want to check hosts continuously; other software can check hosts continually, but they are too complex for my purpose and they have features don’t needed in my case. They can be too expensive. The second reason [...]

July 2012: four Cisco vulnerabilities

Fabio Semperboni — Wed, 08 Aug 2012 06:31:33 +0000

The Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices Multiple Vulnerabilities in Cisco TelePresence Manager Multiple Vulnerabilities in Cisco TelePresence Recording Server Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices Cisco TelePresence Endpoint devices contain the following vulnerabilities: Cisco TelePresence API Remote Command Execution Vulnerability Cisco TelePresence Remote Command Execution Vulnerability Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability Vulnerable Products Cisco TelePresence Manager, Cisco TelePresence Recording Server, Cisco TelePresence Multipoint Switch, and Cisco TelePresence Immersive Endpoint System may [...]

June 2012: four Cisco vulnerabilities

Fabio Semperboni — Wed, 04 Jul 2012 09:37:36 +0000

The Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Cisco Application Control Engine Administrator IP Address Overlap Vulnerability Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability Buffer Overflow Vulnerabilities in the Cisco WebEx Player The Cisco WebEx Recording Format (WRF) player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format (ARF) player contains one buffer overflow vulnerability. In some cases, exploitation of the vulnerabilities could allow [...]

How to configure Cisco VPN SSL aka WebVPN

Fabio Semperboni — Wed, 27 Jun 2012 08:19:11 +0000

The SSL VPN feature (also known as WebVPN) provides support for remote user access to enterprise networks from anywhere on the Internet. Remote access is provided through a Secure Socket Layer- (SSL-) enabled SSL VPN gateway. The SSL VPN gateway allows remote users to establish a secure Virtual Private Network (VPN) tunnel using a web browser. This feature provides a comprehensive solution that allows easy access to a broad range of web resources and web-enabled applications using native HTTP over SSL (HTTPS) browser support. What is SSL? Secure Sockets Layer is a protocol developed by Netscape for transmitting private documents [...]

May 2012: one Cisco vulnerability

Fabio Semperboni — Wed, 06 Jun 2012 06:08:47 +0000

The Cisco Product Security Incident Response Team (PSIRT) has published one important vulnerability advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability Cisco IOS XR Software Route Processor Denial of Service Vulnerability The vulnerability only exists on Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP440) and Cisco Carrier Routing System (CRS) Performance Route Processor (PRP). The vulnerability is a result of improper handling of crafted packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Vulnerable Products This vulnerability affects IOS XR Software version 4.2.0 [...]

How to create self-signed certificates

Fabio Semperboni — Fri, 25 May 2012 13:32:54 +0000

A digital certificate or identity certificate is an electronic document which uses a digital signature to bind a public key with an identity, information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). However, there are situations where it is not possible use a CA, so the only solutions is to use a self-signed certificate, an identity certificate that is signed by [...]

April 2012: one Cisco vulnerability

Fabio Semperboni — Thu, 03 May 2012 13:31:38 +0000

The Cisco Product Security Incident Response Team (PSIRT) has published one important vulnerability advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Buffer Overflow Vulnerabilities in the Cisco WebEx Player The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. Vulnerable Products The vulnerabilities disclosed in this advisory affect the Cisco WebEx Recording Format (WRF) player. The following client builds of Cisco WebEx Business Suite (WBS 27) are affected by at least [...]

Cisco Networking Academy NetRiders competitions

Fabio Semperboni — Fri, 20 Apr 2012 12:29:53 +0000

NetRiders competitions provide students with hands-on practice and experience in a competitive environment, a chance to test their skills and recognize their weaknesses, showcase their knowledge, and create interactive networking skills as well as new friendships across the world. And for Instructors, this is a great opportunity to lead students and showcase teaching skills as well. Organized by Cisco, these competitions are a great opportunity for Networking Academy students to learn valuable Networking/IT skills through a series of online exams and simulation activities using Cisco Packet Tracer. Competitions are offered for students currently or recently enrolled in a Cisco Networking [...]

Unicast flooding due to asymmetric routing

Fabio Semperboni — Sun, 15 Apr 2012 18:57:01 +0000

Asymmetric routing is a situation where a packet traverses from a source to a destination in one path and takes a different path when it returns to the source. This is commonly seen in Layer-3 routed networks, for instance on Internet. Asymmetric routing is not a problem by itself, but will cause problems when Network Address Translation (NAT) or firewalls are used in the routed path. For example, in firewalls, state information is built when the packets flow from a higher security domain to a lower security domain. The firewall will be an exit point from one security domain to [...]

March 2012: twelve Cisco vulnerabilities

Fabio Semperboni — Mon, 02 Apr 2012 10:03:25 +0000

The Cisco Product Security Incident Response Team (PSIRT) has published twelve important vulnerability advisories: Cisco IOS Software Reverse SSH Denial of Service Vulnerability Cisco IOS Software RSVP Denial of Service Vulnerability Vulnerabilities in Cisco IOS Software Traffic Optimization Features Cisco IOS Software Multicast Source Discovery Protocol Vulnerability Cisco IOS Software Network Address Translation Vulnerability Cisco IOS Internet Key Exchange Vulnerability Cisco IOS Software Smart Install Denial of Service Vulnerability Cisco IOS Software Command Authorization Bypass Cisco IOS Software Zone-Based Firewall Vulnerabilities Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Cisco [...]

How to perform SSH RSA User Authentication

Fabio Semperboni — Tue, 27 Mar 2012 11:32:35 +0000

Cisco IOS SSH Version 2 (SSHv2) supports keyboard-interactive and password-based authentication methods. The SSHv2 Enhancements for RSA Keys feature also supports RSA-based public key authentication for the client and the server. RSA based user authentication uses a private/public key pair associated with each user for authentication. The user must generate a private/public key pair on the client and configure a public key on the Cisco IOS SSH server to complete the authentication. An SSH user trying to establish the credentials provides an encrypted signature using the private key. The signature and the user’s public key are sent to the SSH [...]