SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Device (Embedded Server/Appliance)  >   Cisco Video Surveillance Software Vendors:   Cisco
Cisco Video Surveillance Protocol Flaw in SSL Renegotiation May Let Remote Users Conduct Man-in-the-Middle Attacks
SecurityTracker Alert ID:  1023217
SecurityTracker URL:  http://securitytracker.com/id/1023217
CVE Reference:   CVE-2009-3555   (Links to External Site)
Date:  Nov 20 2009
Impact:   Modification of user information
Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in Cisco Video Surveillance Operations Manager and Cisco Video Surveillance Media Server. A remote user can conduct a man-in-the-middle attack on SSL session renegotiation.

A remote user with the ability to conduct a man-in-the-middle attack can exploit a flaw in the underlying SSL/TLS protocol to inject arbitrary plain text into the exchange between the client and the server, with the arbitrary data as a prefix to the session.

The vulnerability resides in the TLS 1.0 or later and SSLv3 protocols.

Cisco has assigned Cisco Bug IDs CSCtd02831 (Cisco Video Surveillance Media Server) and CSCtd02780 (Cisco Video Surveillance Operations Manager) to this vulnerability.

Marsh Ray of PhoneFactor and Martin Rex independently reported this vulnerability.

[Editor's note: The flaw resides in the protocol and not in the protocol implementation. Some vendors are implementing a temporary workaround that prohibits session renegotiation until the protocol itself can be modified. Several protocol implementations are affected, including OpenSSL, GnuTLS, Network Security Services, and Java Secure Socket Extension.]

Impact:   A remote user can with the ability to conduct a man-in-the-middle attack can inject arbitrary plain text data into the exchange, preceding the session data.
Solution:   No solution was available at the time of this entry.

The vendor's advisory is available at:

http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml

Vendor URL:  www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml (Links to External Site)
Cause:   Authentication error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Fri, 20 Nov 2009 03:36:27 +0000
Subject:  Cisco Video Surveillance Services Platform


http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml

CVE-2009-3555
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC