CVE-2008-2736 - Information Exposure vulnerability in Cisco Adaptive Security Appliance 5500 8.0/8.1

CVSS 7.1 - HIGH
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: NONE
Availability impact: NONE

Summary

Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636.

Vulnerable Configurations

Part      Description  Count
Hardware  Cisco        2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser, including the browser version, to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero-day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient, as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session IDs in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Seebug

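bulletinFamily: exploit
description:

Published: 2008-09-04
Entered by: 启明星辰 (Venustech)
BUGTRAQ ID: 30998
CVE ID: CVE-2008-2732 CVE-2008-2733 CVE-2008-2734 CVE-2008-2735 CVE-2008-2736
CNCVE ID: CNCVE-20082732 CNCVE-20082733 CNCVE-20082734 CNCVE-20082735 CNCVE-20082736

Cisco PIX is a firewall appliance that provides policy enforcement, multi-vector attack protection and secure connectivity services for users and applications; Cisco ASA is a modular platform that provides security and VPN services.

Cisco PIX and Cisco ASA contain multiple security issues that remote attackers can exploit to cause a denial of service or to obtain sensitive information.

- Erroneous SIP processing vulnerabilities

Multiple processing errors in Cisco PIX and Cisco ASA devices configured for SIP inspection can lead to denial of service. All Cisco PIX and Cisco ASA software releases are affected by these SIP processing vulnerabilities; successful exploitation can cause the device to reload.

SIP inspection is enabled with the inspect sip command.

To determine whether a Cisco PIX or Cisco ASA security appliance is configured to inspect SIP packets, log in to the device and issue the show service-policy | include sip command. If the output contains the text Inspect: sip and some statistics, the device is affected, for example:

    asa#show service-policy | include sip
    Inspect: sip, packet 0, drop 0, reset-drop 0
    asa#

The Cisco Bug IDs for these vulnerabilities are listed below, and the CVE is CVE-2008-2732:

CSCsq07867 (registered users only)
CSCsq57091 (registered users only)
CSCsk60581 (registered users only)
CSCsq39315 (registered users only)

- IPSec client authentication processing vulnerability

Cisco PIX and Cisco ASA devices that run software version 7.2, 8.0 or 8.1 and are configured to terminate client-based VPN connections are affected by a crafted-authentication processing vulnerability; devices running 7.0 or 7.1 are not affected. Successful exploitation can cause the device to reload.

The Cisco Bug ID for this vulnerability is CSCso69942, and the CVE is CVE-2008-2733.

- SSL VPN memory leak and URI processing error vulnerabilities

Crafted SSL or HTTP packets can cause a denial of service on Cisco ASA devices configured to terminate clientless VPN connections. Successful exploitation can cause the device to reload.

Devices running version 7.2, 8.0 or 8.1 with clientless SSL VPN enabled are affected. Devices running 7.0 and 7.1 are not affected.

Clientless VPN, SSL VPN client and AnyConnect connections are enabled with the webvpn command. The following configuration shows a Cisco ASA configured for clientless VPN; in this case the ASA listens for VPN connections on the default TCP port 443:

    http server enable
    !
    webvpn
     enable outside

Note that in this particular configuration the enable outside command is used in the webvpn group configuration, so the attack can be carried out from the outside interface.

The Cisco Bug IDs for these vulnerabilities are CSCso66472 and CSCsq19369, and the CVEs are CVE-2008-2734 and CVE-2008-2735.

- Clientless VPN may lead to a memory leak

On Cisco ASA devices configured to terminate clientless VPN connections, an attacker can obtain sensitive information such as usernames and passwords. The attacker exploits this vulnerability by enticing a user to visit a rogue web server, reply to an e-mail or interact with a service.

Devices running version 8.0 or 8.1 with clientless SSL VPN enabled are affected. Devices running 7.0, 7.1 or 7.2 are not affected.

Clientless VPN, SSL VPN client and AnyConnect connections are enabled with the webvpn command. The following configuration shows a Cisco ASA configured for clientless VPN; in this case the ASA listens for VPN connections on the default TCP port 443:

    http server enable
    !
    webvpn
     enable outside

Note that in this particular configuration the enable outside command is used in the webvpn group configuration, so the attack can be carried out from the outside interface.

The Cisco Bug ID for this vulnerability is CSCsq45636, and the CVE is CVE-2008-2736.

Cisco PIX/ASA 7.2.2
Cisco PIX/ASA 7.0.4 .3
Cisco PIX/ASA 7.0.4
Cisco PIX/ASA 7.0.1 .4
Cisco PIX/ASA 7.0
Cisco PIX/ASA 8.1(1)2
Cisco PIX/ASA 8.1(1)1
Cisco PIX/ASA 8.1
Cisco PIX/ASA 8.0(3)9
Cisco PIX/ASA 8.0(3)10
Cisco PIX/ASA 8.0(3)
Cisco PIX/ASA 8.0(2)17
Cisco PIX/ASA 8.0(2)
Cisco PIX/ASA 8.0
Cisco PIX/ASA 8.0
Cisco PIX/ASA 7.2.(2.8)
Cisco PIX/ASA 7.2.(2.7)
Cisco PIX/ASA 7.2.(2.19)
Cisco PIX/ASA 7.2.(2.17)
Cisco PIX/ASA 7.2.(2.16)
Cisco PIX/ASA 7.2(4)
Cisco PIX/ASA 7.2(3)2
Cisco PIX/ASA 7.2(3)006
Cisco PIX/ASA 7.2(2.24)
Cisco PIX/ASA 7.2(2.15)
Cisco PIX/ASA 7.2(2.14)
Cisco PIX/ASA 7.2(2.10)
Cisco PIX/ASA 7.2(2)
Cisco PIX/ASA 7.2(1.22)
Cisco PIX/ASA 7.2(1)
Cisco PIX/ASA 7.2
Cisco PIX/ASA 7.1.(2.49)
Cisco PIX/ASA 7.1.(2.48)
Cisco PIX/ASA 7.1(2.5)
Cisco PIX/ASA 7.1(2.27)
Cisco PIX/ASA 7.1(2)70
Cisco PIX/ASA 7.1(2)
Cisco PIX/ASA 7.1 (2.55)
Cisco PIX/ASA 7.1
Cisco PIX/ASA 7.0

Users can refer to the following Cisco security advisory for patch information:
http://www.cisco.com/warp/public/707/cisco-amb-20080903-asa.shtml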
id: SSV:3986
last seen: 2017-11-19
modified: 2008-09-10
published: 2008-09-10
reporter: Root
title: Multiple denial-of-service and information-disclosure vulnerabilities in Cisco PIX and Cisco ASA
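
The configuration checks in the Seebug description above, as an added Python example that is not part of the original entry or of Cisco's advisory: it reads a saved configuration and a software version and lists the CVE IDs whose stated conditions match. The function names, the rule table and the sample configuration are constructed for illustration; release matching uses only the train-level statements in the description (7.2, 8.0, 8.1), which are coarser than the exact builds named in the Summary, and CVE-2008-2733 is left out because the description gives no configuration line to match.

```python
import re

# Conditions as stated in the description above:
# (config feature, affected release trains or None for all releases, CVE IDs)
RULES = [
    ("sip_inspection", None, ["CVE-2008-2732"]),
    ("webvpn", {"7.2", "8.0", "8.1"}, ["CVE-2008-2734", "CVE-2008-2735"]),
    ("webvpn", {"8.0", "8.1"}, ["CVE-2008-2736"]),
]

def parse_features(config_text):
    """Return whether 'inspect sip' is set and which interfaces webvpn is enabled on."""
    sip, webvpn_ifaces, in_webvpn = False, [], False
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():
            # Any top-level line (including the "!" separator) ends the webvpn block.
            in_webvpn = words == ["webvpn"]
        elif in_webvpn and len(words) == 2 and words[0] == "enable":
            webvpn_ifaces.append(words[1])
        if words[:2] == ["inspect", "sip"]:
            sip = True
    return {"sip_inspection": sip, "webvpn": webvpn_ifaces}

def exposure(version, config_text):
    """Map a version string such as '8.0(3)15' plus a config to candidate CVE IDs."""
    m = re.match(r"(\d+\.\d+)", version)
    train = m.group(1) if m else None
    feats = parse_features(config_text)
    hits = []
    for feature, trains, cves in RULES:
        if feats[feature] and (trains is None or train in trains):
            hits.extend(cves)
    return sorted(hits)

# Constructed sample configuration (not from a real device).
SAMPLE = (
    "http server enable\n!\nwebvpn\n enable outside\n!\n"
    "policy-map global_policy\n class inspection_default\n  inspect sip\n"
)

if __name__ == "__main__":
    print(exposure("8.0(3)15", SAMPLE))
```

A webvpn hit is a prompt to review the device rather than proof of clientless use, since the description notes that the same command also enables SSL VPN client and AnyConnect connections.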