CVE-2006-3226
CVSS 7.5
Published: 2006-06-26 12:05:00
Last revised: 2011-03-07 21:38:07

[Original] Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."


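[CNNVD] Cisco Secure ACS Remote Authentication Bypass Vulnerability (CNNVD-200606-497)

        Cisco Secure ACS is the central management platform for Cisco network devices, used to control device authentication and authorization.
        Cisco Secure ACS contains an authentication bypass vulnerability that a remote attacker may be able to exploit to hijack an existing authenticated session.
        After authentication, the Cisco Secure ACS web administration interface running on TCP port 2002 redirects the connection to a dynamically allocated port number between 1024 and 65535, depending on the IP address the user uses for the HTTP connection after authentication. This helps an attacker hijack an administrative session, because port numbers are allocated sequentially and no strong authentication is used.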

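- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]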

- CPE (Affected Platforms and Products)

cpe:/a:cisco:secure_access_control_server:4.0.1::windows
cpe:/a:cisco:secure_access_control_server:4.0::windows

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3226
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3226
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-497
(Official data source) CNNVD

- Other Links and Resources

http://xforce.iss.net/xforce/xfdb/27328
(UNKNOWN)  XF  cisco-acs-session-spoofing(27328)
http://www.vupen.com/english/advisories/2006/2524
(UNKNOWN)  VUPEN  ADV-2006-2524
http://www.securityfocus.com/bid/18621
(UNKNOWN)  BID  18621
http://www.securityfocus.com/archive/1/archive/1/438258/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability
http://www.securityfocus.com/archive/1/archive/1/438161/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060623 Cisco Secure ACS Weak Session Management Vulnerability
http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html
(VENDOR_ADVISORY)  CISCO  20060623 Cisco Secure ACS Weak Session Management Vulnerability
http://securitytracker.com/id?1016369
(UNKNOWN)  SECTRACK  1016369
http://www.osvdb.org/26825
(UNKNOWN)  OSVDB  26825
http://securityreason.com/securityalert/1157
(UNKNOWN)  SREASON  1157
http://secunia.com/advisories/20816
(UNKNOWN)  SECUNIA  20816

- Vulnerability Information

Cisco Secure ACS Remote Authentication Bypass Vulnerability
High risk  Access validation error
2006-06-26 00:00:00 2006-06-27 00:00:00
Remote

- Advisories and Patches

        Temporary workaround:
        * Configure ACLs to restrict unauthorized users' access to the web interface.
        

- Vulnerability Information

26825
Cisco Secure Access Control Server (ACS) Session Management Authentication Bypass
Remote / Network Access Authentication Management
Loss of Integrity
Exploit Unknown

- Vulnerability Description

Secure ACS contains a flaw that may allow a malicious user to gain administrative access to the web interface. The issue is triggered by weak session management, in which the server assigns an administrative port to a client, and then uses the port and client IP for session validation. It is possible that the flaw may allow unauthorized administrative access to the server resulting in a loss of integrity.

- Timeline

2006-06-23 Unknown
Unknown Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
