Cisco Security Agent Management Center (CSAMC) version 5.1 contains an
administrator authentication bypass vulnerability when configured to
authenticate administrators against an external LDAP server.
There are three roles for CSAMC administrators: configure, deploy, and
monitor. The configure role has complete access to the CSAMC application,
including the ability to create security policies. The deploy role can create
agent kits, deploy security policies, and perform application monitoring. The
deploy role cannot modify security policies. The monitoring role can only
perform application monitoring functions.
All CSAMC administrator accounts are defined in the local CSAMC
database and have an assigned role. CSAMC can be configured to use an external
LDAP server to authenticate administrators. As a safety feature, it is possible
to specify certain administrator accounts to fall back to local authentication
if the LDAP server is unavailable.
If CSAMC is configured to use LDAP for authentication, it is possible
to supply a valid administrator username and blank (zero length) password and
gain administrative access to the CSAMC application with the role privileges of
the administrator. This vulnerability occurs when CSAMC incorrectly handles an
authentication failure message from the LDAP server. The administrator password
stored on the LDAP server is a valid, non-blank password.
CSAMC version 5.1 is the first to include external LDAP
authentication. LDAP authentication is not the default configuration for CSAMC
and must be explicitly configured. The LDAP server in this configuration is not
built into CSAMC.
Information on configuring administrator LDAP authentication for CSAMC
can be found here:
Information on configuring role-based administration for CSAMC can be
This vulnerability is documented in Cisco Bug ID
registered customers only)