Details of VAR-200601-0175

ID

VAR-200601-0175

CVE

CVE-2006-0181

TITLE

Cisco Security Monitoring, Analysis and Response System Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2006-003826

DESCRIPTION

Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command. This password is static across all installations of the software. It is possible for those running software release 4.1.3 and later to change a portion of the default administrative password, effectively addressing the vulnerability. However, earlier versions do not provide this option. In addition, CS-MARS can also perform automated tasks to alleviate safety issues. Successful exploitation of this vulnerability will allow the attacker to obtain full management rights of the CS-MARS device. The password for the account reportedly cannot be changed. Successful exploitation requires logon to the administration command line interface with e.g. the "pnadmin" account. The vulnerability has been reported in versions prior to 4.1.3. SOLUTION: Update to version 4.1.3 or later and use the "passwd expert" command to change the root password. http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-mars?psrtdcat20e2 PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-0181 // JVNDB: JVNDB-2006-003826 // BID: 16211 // VULHUB: VHN-16289 // PACKETSTORM: 43013

AFFECTED PRODUCTS

vendor:	cisco	model:	cs-mars	scope:	eq	version:	4.1.2	Trust: 1.6
vendor:	cisco	model:	cs-mars	scope:	eq	version:	4.1	Trust: 1.6
vendor:	cisco	model:	security monitoring, analysis and response system	scope:	lt	version:	4.1.3	Trust: 0.8
vendor:	nortel	model:	networks contivity vpn switch	scope:	eq	version:	20004.1.2	Trust: 0.3
vendor:	nortel	model:	networks contivity vpn switch	scope:	eq	version:	20004.1	Trust: 0.3
vendor:	nortel	model:	networks contivity vpn switch	scope:	ne	version:	20004.1.3	Trust: 0.3

sources: BID: 16211 // JVNDB: JVNDB-2006-003826 // CNNVD: CNNVD-200601-124 // NVD: CVE-2006-0181

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-0181
value:	HIGH
Trust: 1.0
NVD:	CVE-2006-0181
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200601-124
value:	HIGH
Trust: 0.6
VULHUB:	VHN-16289
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-0181
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-16289
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-16289 // JVNDB: JVNDB-2006-003826 // CNNVD: CNNVD-200601-124 // NVD: CVE-2006-0181

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0181

THREAT TYPE

local

Trust: 1.0

sources: BID: 16211 // PACKETSTORM: 43013 // CNNVD: CNNVD-200601-124

TYPE

Design Error

Trust: 0.9

sources: BID: 16211 // CNNVD: CNNVD-200601-124

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003826

PATCH

title:	16211	url:	http://www.securityfocus.com/bid/16211	Trust: 0.8
title:	cisco-sa-20060111-mars.shtml	url:	http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml	Trust: 0.8

sources: JVNDB: JVNDB-2006-003826

EXTERNAL IDS

db:	NVD	id:	CVE-2006-0181	Trust: 2.5
db:	BID	id:	16211	Trust: 2.0
db:	SECUNIA	id:	18424	Trust: 1.8
db:	OSVDB	id:	22346	Trust: 1.7
db:	SECTRACK	id:	1015471	Trust: 1.7
db:	SREASON	id:	335	Trust: 1.7
db:	VUPEN	id:	ADV-2006-0154	Trust: 1.7
db:	JVNDB	id:	JVNDB-2006-003826	Trust: 0.8
db:	CNNVD	id:	CNNVD-200601-124	Trust: 0.7
db:	CISCO	id:	20060111 DEFAULT ADMINISTRATIVE PASSWORD IN CISCO SECURITY MONITORING, ANALYSIS AND RESPONSE SYSTEM (CS-MARS)	Trust: 0.6
db:	XF	id:	24065	Trust: 0.6
db:	VULHUB	id:	VHN-16289	Trust: 0.1
db:	PACKETSTORM	id:	43013	Trust: 0.1

sources: VULHUB: VHN-16289 // BID: 16211 // JVNDB: JVNDB-2006-003826 // PACKETSTORM: 43013 // CNNVD: CNNVD-200601-124 // NVD: CVE-2006-0181

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml	Trust: 2.1
url:	http://www.securityfocus.com/bid/16211	Trust: 1.7
url:	http://www.osvdb.org/22346	Trust: 1.7
url:	http://securitytracker.com/id?1015471	Trust: 1.7
url:	http://secunia.com/advisories/18424	Trust: 1.7
url:	http://securityreason.com/securityalert/335	Trust: 1.7
url:	http://seclists.org/bugtraq/2006/jan/202	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/0154	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/24065	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0181	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-0181	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/24065	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/0154	Trust: 0.6
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/6780/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/18424/	Trust: 0.1
url:	http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-mars?psrtdcat20e2	Trust: 0.1

sources: VULHUB: VHN-16289 // BID: 16211 // JVNDB: JVNDB-2006-003826 // PACKETSTORM: 43013 // CNNVD: CNNVD-200601-124 // NVD: CVE-2006-0181

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200601-124

SOURCES

db:	VULHUB	id:	VHN-16289
db:	BID	id:	16211
db:	JVNDB	id:	JVNDB-2006-003826
db:	PACKETSTORM	id:	43013
db:	CNNVD	id:	CNNVD-200601-124
db:	NVD	id:	CVE-2006-0181

LAST UPDATE DATE

2024-08-14T15:14:58.539000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-16289	date:	2017-07-20T00:00:00
db:	BID	id:	16211	date:	2006-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2006-003826	date:	2014-03-11T00:00:00
db:	CNNVD	id:	CNNVD-200601-124	date:	2006-01-13T00:00:00
db:	NVD	id:	CVE-2006-0181	date:	2017-07-20T01:29:31.707

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-16289	date:	2006-01-12T00:00:00
db:	BID	id:	16211	date:	2006-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2006-003826	date:	2014-03-11T00:00:00
db:	PACKETSTORM	id:	43013	date:	2006-01-12T16:56:50
db:	CNNVD	id:	CNNVD-200601-124	date:	2006-01-12T00:00:00
db:	NVD	id:	CVE-2006-0181	date:	2006-01-12T06:02:00