Details of VAR-200703-0084

ID

VAR-200703-0084

CVE

CVE-2007-1257

TITLE

Cisco Catalyst Systems with a NAM may allow system access via spoofing the SNMP communication

Trust: 0.8

sources: CERT/CC: VU#472412

DESCRIPTION

The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. According to Cisco Systems information NAM Model number WS-SVC-NAM-1, WS-SVC-NAM-2, WS-X6380-NAM Will be affected. For details, check the information provided by the vendor.Crafted by a third party SNMP Arbitrary commands may be executed due to packet processing. According to Cisco Systems information, the device may be completely controlled. An attacker can leverage this issue to gain complete control of the affected device. NAM uses the Simple Network Management Protocol (SNMP) to communicate with the Catalyst system. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ ---------------------------------------------------------------------- TITLE: Cisco Products NAM SNMP Spoofing Vulnerability SECUNIA ADVISORY ID: SA24344 VERIFY ADVISORY: http://secunia.com/advisories/24344/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network OPERATING SYSTEM: Cisco IOS R12.x http://secunia.com/product/50/ Cisco IOS 12.x http://secunia.com/product/182/ Cisco CATOS 8.x http://secunia.com/product/3564/ Cisco CATOS 7.x http://secunia.com/product/185/ SOFTWARE: Cisco Catalyst 6500 Series Network Analysis Module (NAM-1/NAM-2) http://secunia.com/product/2272/ Cisco Catalyst 6500 Series Network Analysis Module (First Generation) http://secunia.com/product/2271/ DESCRIPTION: A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to compromise a vulnerable system. SOLUTION: Update to a fixed version (see vendor advisory for details). http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2007-1257 // CERT/CC: VU#472412 // JVNDB: JVNDB-2007-000183 // BID: 22751 // VULHUB: VHN-24619 // PACKETSTORM: 54746

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst 6500 ws-svc-nam-2	scope:	eq	version:	2.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6000 ws-svc-nam-1	scope:	eq	version:	2.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6000 ws-svc-nam-2	scope:	eq	version:	2.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 7600 ws-svc-nam-1	scope:	eq	version:	2.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6500 ws-svc-nam-1	scope:	eq	version:	2.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6500 ws-x6380-nam	scope:	eq	version:	3.1\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 6000 ws-x6380-nam	scope:	eq	version:	3.1\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 7600 ws-svc-nam-2	scope:	eq	version:	2.2\(1a\)	Trust: 1.6
vendor:	cisco	model:	catalyst 7600 ws-x6380-nam	scope:	eq	version:	3.1\(1a\)	Trust: 1.6
vendor:	cisco	model:	network analysis module	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	network analysis module	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	7600 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst 6000 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst 6500 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios 12.1 ex	scope:	ne	version:	-	Trust: 0.6
vendor:	cisco	model:	ios 12.2za	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sy	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxf	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxe	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sxa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sx	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sgb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sga	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2sg	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2s	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ixb	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ixa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ewa	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2ew	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2eu	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios zu	scope:	eq	version:	12.2	Trust: 0.3
vendor:	cisco	model:	ios 12.1ex	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1e	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	catos	scope:	eq	version:	8.5(5)	Trust: 0.3
vendor:	cisco	model:	catos	scope:	eq	version:	8.5(4)	Trust: 0.3
vendor:	cisco	model:	catos	scope:	eq	version:	8.5(3)	Trust: 0.3
vendor:	cisco	model:	catos	scope:	eq	version:	8.5(2)	Trust: 0.3
vendor:	cisco	model:	catos	scope:	eq	version:	8.5(1)	Trust: 0.3
vendor:	cisco	model:	catos	scope:	eq	version:	7.6(19)	Trust: 0.3
vendor:	cisco	model:	catos	scope:	eq	version:	7.6(18)	Trust: 0.3
vendor:	cisco	model:	catos	scope:	eq	version:	7.6(17)	Trust: 0.3
vendor:	cisco	model:	catos	scope:	eq	version:	7.6(16)	Trust: 0.3
vendor:	cisco	model:	catos	scope:	eq	version:	7.6(15)	Trust: 0.3
vendor:	cisco	model:	catalyst	scope:	eq	version:	6500	Trust: 0.3
vendor:	cisco	model:	catalyst	scope:	eq	version:	60000	Trust: 0.3
vendor:	cisco	model:	-	scope:	eq	version:	7600	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sra2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sga1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sg1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 s	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 zu1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sxf5	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sxe6a	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 sxd7a	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 s5	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 ixb2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.2 s3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1 e1	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 12.1 e8	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	catos	scope:	ne	version:	8.5(6)	Trust: 0.3
vendor:	cisco	model:	catos	scope:	ne	version:	8.5(5.3)	Trust: 0.3
vendor:	cisco	model:	catos	scope:	ne	version:	7.6(20)	Trust: 0.3
vendor:	cisco	model:	catos	scope:	ne	version:	7.6(19.2)	Trust: 0.3

sources: CERT/CC: VU#472412 // BID: 22751 // JVNDB: JVNDB-2007-000183 // CNNVD: CNNVD-200703-133 // NVD: CVE-2007-1257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-1257
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#472412
value:	9.37
Trust: 0.8
NVD:	CVE-2007-1257
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200703-133
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-24619
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-1257
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-24619
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#472412 // VULHUB: VHN-24619 // JVNDB: JVNDB-2007-000183 // CNNVD: CNNVD-200703-133 // NVD: CVE-2007-1257

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-24619 // JVNDB: JVNDB-2007-000183 // NVD: CVE-2007-1257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200703-133

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200703-133

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000183

PATCH

title:

cisco-sa-20070228-nam

url:

http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2007-000183

EXTERNAL IDS

db:	CERT/CC	id:	VU#472412	Trust: 3.6
db:	BID	id:	22751	Trust: 2.8
db:	NVD	id:	CVE-2007-1257	Trust: 2.8
db:	SECUNIA	id:	24344	Trust: 2.6
db:	SECTRACK	id:	1017710	Trust: 2.5
db:	OSVDB	id:	33066	Trust: 1.7
db:	VUPEN	id:	ADV-2007-0783	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-000183	Trust: 0.8
db:	CNNVD	id:	CNNVD-200703-133	Trust: 0.7
db:	XF	id:	32750	Trust: 0.6
db:	CISCO	id:	20070228 CISCO CATALYST 6000, 6500 SERIES AND CISCO 7600 SERIES NAM (NETWORK ANALYSIS MODULE) VULNERABILITY	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:5188	Trust: 0.6
db:	VULHUB	id:	VHN-24619	Trust: 0.1
db:	PACKETSTORM	id:	54746	Trust: 0.1

sources: CERT/CC: VU#472412 // VULHUB: VHN-24619 // BID: 22751 // JVNDB: JVNDB-2007-000183 // PACKETSTORM: 54746 // CNNVD: CNNVD-200703-133 // NVD: CVE-2007-1257

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml	Trust: 2.9
url:	http://www.kb.cert.org/vuls/id/472412	Trust: 2.8
url:	http://www.securityfocus.com/bid/22751	Trust: 2.5
url:	http://osvdb.org/33066	Trust: 1.7
url:	http://www.securitytracker.com/id?1017710	Trust: 1.7
url:	http://secunia.com/advisories/24344	Trust: 1.7
url:	http://www.cisco.com/en/us/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a0080394e09.html	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5188	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/0783	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/32750	Trust: 1.1
url:	http://secunia.com/advisories/24344/	Trust: 0.9
url:	http://www.cisco.com/warp/public/707/cisco-air-20070228-nam.shtml	Trust: 0.8
url:	http://securitytracker.com/alerts/2007/feb/1017710.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1257	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-1257	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/32750	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/0783	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5188	Trust: 0.6
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/50/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/3564/	Trust: 0.1
url:	http://secunia.com/disassembling_og_reversing/	Trust: 0.1
url:	http://secunia.com/product/2271/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/2272/	Trust: 0.1
url:	http://secunia.com/product/182/	Trust: 0.1
url:	http://secunia.com/product/185/	Trust: 0.1

sources: CERT/CC: VU#472412 // VULHUB: VHN-24619 // BID: 22751 // JVNDB: JVNDB-2007-000183 // PACKETSTORM: 54746 // CNNVD: CNNVD-200703-133 // NVD: CVE-2007-1257

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-200703-133

SOURCES

db:	CERT/CC	id:	VU#472412
db:	VULHUB	id:	VHN-24619
db:	BID	id:	22751
db:	JVNDB	id:	JVNDB-2007-000183
db:	PACKETSTORM	id:	54746
db:	CNNVD	id:	CNNVD-200703-133
db:	NVD	id:	CVE-2007-1257

LAST UPDATE DATE

2024-11-23T22:46:55.004000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#472412	date:	2007-03-22T00:00:00
db:	VULHUB	id:	VHN-24619	date:	2017-10-11T00:00:00
db:	BID	id:	22751	date:	2015-05-12T19:34:00
db:	JVNDB	id:	JVNDB-2007-000183	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200703-133	date:	2009-03-16T00:00:00
db:	NVD	id:	CVE-2007-1257	date:	2024-11-21T00:27:53.570

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#472412	date:	2007-03-02T00:00:00
db:	VULHUB	id:	VHN-24619	date:	2007-03-03T00:00:00
db:	BID	id:	22751	date:	2007-02-28T00:00:00
db:	JVNDB	id:	JVNDB-2007-000183	date:	2007-04-01T00:00:00
db:	PACKETSTORM	id:	54746	date:	2007-03-05T23:12:53
db:	CNNVD	id:	CNNVD-200703-133	date:	2007-02-28T00:00:00
db:	NVD	id:	CVE-2007-1257	date:	2007-03-03T20:19:00