| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Nov 2015 21:41:30 +1100 From: Matthew Flanagan <mattimustang@...il.com> To: fulldisclosure@...lists.org, bugtraq@...urityfocus.com Subject: [FD] CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability Title: Cisco FireSIGHT Management Center Certificate Validation Vulnerability Blog URL: http://wadofstuff.blogspot.com.au/2015/11/cve-2015-6357-firepwner-exploit-for.html Vendor: Cisco Product: FireSIGHT Management Center Affected Versions: 5.2.x, 5.3.x, 5.4.x Advisory URL: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc CVE: CVE-2015-6357 CVSS: 5.1 The Cisco FireSIGHT Management Center appliance is used to manage Cisco FirePOWER Intrusion Prevention Systems (IPS), also known as Sourcefire IPS. FireSIGHT is responsible for downloading updated IPS signatures and installing them on managed IPS devices. On its own the Cisco FireSIGHT Management Center Certificate Validation Vulnerability is a medium severity vulnerability with a CVSS of 5.1. However, this vulnerability is an example of why SSL certificate validation is so important. In this exploit I will demonstrate how the vulnerability can be leveraged to obtain privileged remote command execution on a Cisco FireSIGHT system. The exploit chains the SSL validation vulnerability with the software update process on the Cisco FireSIGHT system to trick the target system into downloading a malicious update and executing it to obtain a reverse shell with **root** privileges. Read the full advisory at http://wadofstuff.blogspot.com.au/2015/11/cve-2015-6357-firepwner-exploit-for.html Credits: This security vulnerability was found by Matthew Flanagan. Disclosure Timeline: - 2015-08-31 Vulnerability discovered in FireSIGHT 5.4.x and exploit developed by Matthew Flanagan. - 2015-09-01 Initial contact made with Cisco PSIRT psirt@...co.com. - 2015-09-01 PSIRT responded asking for more information. - 2015-09-01 Matthew Flanagan provided PSIRT with full write up and exploit of vulnerability. - 2015-09-02 PSIRT raised FireSIGHT defect and incident PSIRT-190974966. - 2015-09-15 Matthew Flanagan reported to Cisco PSIRT that versions 5.2.0 and 5.3.0 are also vulnerable. - 2015-10-16 PSIRT advised me of the CVSS score they assigned to the vulnerability. - 2015-11-09 PSIRT assigned CVE ID CVE-2015-6357. - 2015-11-16 [Cisco FireSIGHT Management Center Certificate Validation Vulnerability][3] published. - 2015-11-16 Matthew Flanagan's findings published. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists