Cisco Security Monitoring, Analysis and Response System and Adaptive Security Device Manager Secure Communication Vulnerability

Cisco Security Monitoring, Analysis and Response System versions prior to 4.2.3 and Cisco Adaptive Security Device Manager versions prior to 5.2(2.1) contain a vulnerability that could allow an unauthenticated, remote attacker to impersonate a device managed by the system.

The vulnerability exists because the devices to not properly validate SSL/TLS certificates or SSH public keys from managed devices. An unauthenticated, remote attacker could exploit this vulnerability to impersonate devices managed by the system. An attacker could leverage this to gain access to sensitive information, such as authentication credentials, or submit false data to the system.

Exploit code is not required to exploit this vulnerability.

Cisco confirmed the
vulnerability with a security advisory and released updated software.

Because the affected applications do not validate the SSL/TLS certificates or SSH public keys presented by their managed devices, an attacker could set up a system with the same IP address as a vulnerable system and hope that a connection will be mistakenly made to the impersonating device rather than the legitimate one. This is a possibility, given the nature of IP routing, when there is more than one system on the network with the same IP address. However, erratic routing behavior is likely to result under these circumstances. Some packets may be sent to the legitimate system while others may be sent to the impersonator, making it harder for the attacker to obtain authentication credentials or to send misleading information.