Cisco Security Agent Management Center (CSAMC) version 5.1 contains an administrator authentication bypass vulnerability when configured to authenticate administrators against an external LDAP server.
There are three roles for CSAMC administrators: configure, deploy, and monitor. The configure role has complete access to the CSAMC application, including the ability to create security policies. The deploy role can create agent kits, deploy security policies, and perform application monitoring. The deploy role cannot modify security policies. The monitoring role can only perform application monitoring functions.
All CSAMC administrator accounts are defined in the local CSAMC database and have an assigned role. CSAMC can be configured to use an external LDAP server to authenticate administrators. As a safety feature, it is possible to specify certain administrator accounts to fall back to local authentication if the LDAP server is unavailable.
If CSAMC is configured to use LDAP for authentication, it is possible to supply a valid administrator username and blank (zero length) password and gain administrative access to the CSAMC application with the role privileges of the administrator. This vulnerability occurs when CSAMC incorrectly handles an authentication failure message from the LDAP server. The administrator password stored on the LDAP server is a valid, non-blank password.
CSAMC version 5.1 is the first to include external LDAP authentication. LDAP authentication is not the default configuration for CSAMC and must be explicitly configured. The LDAP server in this configuration is not built into CSAMC.
Information on configuring administrator LDAP authentication for CSAMC can be found here:
Information on configuring role-based administration for CSAMC can be found here:
This vulnerability is documented in Cisco Bug ID CSCsg40822 ( registered customers only) .