Sign-up

ID

VAR-201007-0201


CVE

CVE-2010-1575


TITLE

Cisco Content Services Switch Vulnerabilities that bypass authentication

Trust: 0.8

sources: JVNDB: JVNDB-2010-001728

DESCRIPTION

The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690. When using CSS to terminate SSL communication, you must first authenticate the SSL client certificate. The CSS usually passes the identity of the client to the backend web server in the form of the following HTTP header: ClientCert-Subject: XXXClientCert-Subject-CN: XXXClientCert-Fingerprint: XXXClientCert-Subject-CN: XXXClientCert-Issuer-CN: XXXClientCert-Certificate-Version : XXXClientCert-Serial-Number: XXXClientCert-Data-Signature-Algorithm: XXXClientCert-Subject: XXXClientCert-Issuer: XXXClientCert-Not-Before: XXXClientCert-Not-After: XXXClientCert-Public-Key-Algorithm: XXXClientCert-RSA-Modulus-Size : XXXClientCert-RSA-Modulus: XXXClientCert-RSA-Exponent: XXXClientCert-X509v3-Subject-Key-Identifier: XXXClientCert-X509v3-Authority-Key-Identifier: XXXClientCert-Signature-Algorithm: XXXClientCert-Signature: XXX but CSS does not protect against the client Provides its own ClientCert-* header, so an attacker can act as a fake user for other users, depending on how the application developer handles multiple header copies. An attacker can exploit these issues to impersonate other users when using client certificate-based authentication and to bypass certain security restrictions. Other attacks are also possible. These issues are being tracked by Cisco Bugid CSCSZ04690 and CSCTA04885

Trust: 2.52

sources: NVD: CVE-2010-1575 // JVNDB: JVNDB-2010-001728 // CNVD: CNVD-2010-1236 // BID: 41315 // VULHUB: VHN-44180

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-1236

AFFECTED PRODUCTS

vendor:ciscomodel:content services switch 11500scope:eqversion:08.20.1.01

Trust: 1.6

vendor:ciscomodel:css 11500 seriesscope: - version: -

Trust: 0.8

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:ciscomodel:css11500 content services switchscope: - version: -

Trust: 0.3

vendor:ciscomodel:ace appliance a3scope:eqversion:4750

Trust: 0.3

sources: CNVD: CNVD-2010-1236 // BID: 41315 // JVNDB: JVNDB-2010-001728 // CNNVD: CNNVD-201007-034 // NVD: CVE-2010-1575

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1575
value: HIGH

Trust: 1.0

NVD: CVE-2010-1575
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201007-034
value: HIGH

Trust: 0.6

VULHUB: VHN-44180
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-1575
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44180
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44180 // JVNDB: JVNDB-2010-001728 // CNNVD: CNNVD-201007-034 // NVD: CVE-2010-1575

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-44180 // JVNDB: JVNDB-2010-001728 // NVD: CVE-2010-1575

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201007-034

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201007-034

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001728

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-44180

PATCH
title:20807url:http://tools.cisco.com/security/center/viewAlert.x?alertId=20807
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-001728

EXTERNAL IDS
db:NVDid:CVE-2010-1575
Trust: 3.4
db:BIDid:41315
Trust: 2.8
db:SECTRACKid:1024167
Trust: 2.5
db:OSVDBid:66091
Trust: 1.9
db:JVNDBid:JVNDB-2010-001728
Trust: 0.8
db:CNNVDid:CNNVD-201007-034
Trust: 0.7
db:CNVDid:CNVD-2010-1236
Trust: 0.6
db:NSFOCUSid:15368
Trust: 0.6
db:BUGTRAQid:20100702 VSR ADVISORY: MULTIPLE CISCO CSS / ACE CLIENT CERTIFICATE AND HTTP HEADER MANIPULATION VULNERABILITIES
Trust: 0.6
db:PACKETSTORMid:91436
Trust: 0.1
db:VULHUBid:VHN-44180
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-1236 // 
            
            
            
            VULHUB: VHN-44180 // 
            
            
            
            BID: 41315 // 
            
            
            
            JVNDB: JVNDB-2010-001728 // 
            
            
            
            CNNVD: CNNVD-201007-034 // 
            
            
            
            NVD: CVE-2010-1575

REFERENCES
url:http://www.securityfocus.com/bid/41315
Trust: 2.5
url:http://securitytracker.com/id?1024167
Trust: 2.5
url:http://www.vsecurity.com/resources/advisory/20100702-1/
Trust: 2.0
url:http://osvdb.org/66091
Trust: 1.9
url:http://www.securityfocus.com/archive/1/512144/100/0/threaded
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1575
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1575
Trust: 0.8
url:http://marc.info/?l=bugtraq&m=127808444302943&w=2
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/512144/100/0/threaded
Trust: 0.6
url:http://www.nsfocus.net/vulndb/15368
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:/archive/1/512144
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2010-1236 // 
            
            
            
            VULHUB: VHN-44180 // 
            
            
            
            BID: 41315 // 
            
            
            
            JVNDB: JVNDB-2010-001728 // 
            
            
            
            CNNVD: CNNVD-201007-034 // 
            
            
            
            NVD: CVE-2010-1575

CREDITS
George D. Gal※ ggal@vsecurity.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201007-034

SOURCES
db:CNVDid:CNVD-2010-1236
db:VULHUBid:VHN-44180
db:BIDid:41315
db:JVNDBid:JVNDB-2010-001728
db:CNNVDid:CNNVD-201007-034
db:NVDid:CVE-2010-1575

LAST UPDATE DATE
2024-11-23T21:47:23.323000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2010-1236date:2010-07-03T00:00:00
db:VULHUBid:VHN-44180date:2018-10-10T00:00:00
db:BIDid:41315date:2015-04-13T21:05:00
db:JVNDBid:JVNDB-2010-001728date:2010-07-27T00:00:00
db:CNNVDid:CNNVD-201007-034date:2010-07-08T00:00:00
db:NVDid:CVE-2010-1575date:2024-11-21T01:14:43.277

SOURCES RELEASE DATE
db:CNVDid:CNVD-2010-1236date:2010-07-03T00:00:00
db:VULHUBid:VHN-44180date:2010-07-06T00:00:00
db:BIDid:41315date:2010-07-02T00:00:00
db:JVNDBid:JVNDB-2010-001728date:2010-07-27T00:00:00
db:CNNVDid:CNNVD-201007-034date:2010-07-08T00:00:00
db:NVDid:CVE-2010-1575date:2010-07-06T17:17:13.203