Guest

Product Support

Response to Privilege Escalation on Multiple Cisco Products

Document ID: 602

http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20060419-priv

Revision 1.0

For Public Release 2006 April 19 15:00  UTC (GMT)


Contents

Response
Additional Information
Status of this Notice: Final
Revision History
Cisco Security Procedures

Cisco Response

This is Cisco PSIRT's response to the privilege escalation vulnerability independently announced by Adam Pointon of Assurance.com.au and Mathieu Pepin of Axen Consulting. We would like to thank both Adam and Mathieu for bringing this issue to our attention.

The following products are affected by this vulnerability:

  • Cisco Wireless LAN Solution Engine (WLSE)
  • Cisco Hosting Solution Engine (HSE)
  • Cisco User Registration Tool (URT)
  • Cisco Ethernet Subscriber Solution Engine (ESSE)
  • CiscoWorks2000 Service Management Solution (SMS)

Additional Information

By exploiting this vulnerability, an authenticated attacker on the command line interface may obtain shell access to the underlying operating system by injecting specially crafted commands.

The following products are affected by this vulnerability:

  • Cisco WLSE - A separate Cisco Security Advisory has been published which addresses multiple vulnerabilities in the WLSE appliance, including this vulnerability. Refer to the security advisory at the following URL for more information on the impact and fixed software versions: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060419-wlse.
  • This vulnerability is addressed by the Cisco bug ID CSCsd22861 ( registered customers only) for the URT appliance. 2.5.5(A1) version of the URT software fixes this issue and can be downloaded from the following URL: http://www.cisco.com/pcgi-bin/tablebuild.pl/urt-3des.
  • Cisco HSE - This vulnerability is addressed by the Cisco bug ID CSCsd22859 ( registered customers only) for the HSE appliance. The HSE-PSIRT1 patch fixes this issue and can be downloaded from the following URL: http://www.cisco.com/pcgi-bin/tablebuild.pl/1105-host-sol.
  • Cisco ESSE - This product has reached End-of-Life therefore Cisco will not be providing fixed software for the ESSE product by default. Customers who require a fix for this should open a service request and request a fix through the Technical Support organization.
  • CiscoWorks SMS - This product has reached End-of-Life therefore Cisco will not be providing fixed software for the SMS product by default. Customers who require a fix for this should open a service request and request a fix through the Technical Support organization.

Status of this Notice: Final

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.


Revision History

Revision 1.0

2006-Apr-19

Initial public release.

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.