Cisco Security Manager MySQL Accessible Without Authentication (cisco-sa-20090121-csm)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote database server can be accessed without a password.

Description :

The version of Cisco Security Manager (CSM) running on the remote host
is using a vulnerable version of Cisco IPS Event Viewer (IEV). IEV is
included with CSM by default. When the IEV server is accessed remotely,
it opens up TCP ports that allow access to the MySQL or IEV server
without authentication. A remote, unauthenticated attacker could
exploit this to gain root access to the IEV database and server.

Note that the MySQL service uses SSL/TLS and is not directly accessible
using the official MySQL client.

See also :

http://www.cisco.com/en/US/products/csa/cisco-sa-20090121-csm.html

Solution :

Upgrade to one of the non-vulnerable versions of Cisco Security Manager
listed in Cisco Security Advisory cisco-sa-20090121-csm.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 69303 ()

Bugtraq ID: 33381

CVE ID: CVE-2008-3820