
Update Protection against Cisco Application Networking Manager Default User Credentials Security Bypass Vulnerability

Check Point Reference: CPAI-2009-046
Date Published:
Severity:
Last Updated:
Source: cisco-sa-20090225-anm
Industry Reference(s): CVE-2009-0616
Protection Provided by:
Security Gateway
  • R70
IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Cisco Systems Application Networking Manager (ANM) Prior to 2.0
Vulnerability Description
A security bypass vulnerability exists in Cisco Application Networking Manager (ANM). ANM is a network management application that manages Cisco Application Control Engine (ACE) modules or appliances. A remote attacker could exploit this vulnerability to take complete control of an affected system.
Update/Patch Available
Update the vulnerable product:
cisco-sa-20090225-anm
Vulnerability Details
The vulnerability is due to a design error in ANM, which does not force credential changes during installation. A remote attacker may exploit this issue by accessing the ANM using default user credentials. Successful exploitation of this vulnerability could allow the attacker to take complete control of an affected system.

Protection Overview
By enabling this protection, IPS will detect and block login attempts with default user credentials.

In order for the protection to be activated, update your Security Gateway product to the latest SmartDefense update.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R70

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > Application Intelligence > Cisco.
2. In the right pane, double-click the following protection:

Cisco Application Networking Manager Default User Credentials Security Bypass

3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cisco Protection Violation
Attack Information: Cisco ANM default user credentials security bypass

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > WWW 2, and select the CGI Attacks protection group.
3. Click Cisco Application Network Manager Default Username and Password (CVE-2009-0616) - IPS-1 NGX R65 only.
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?

Upon attack, the following entries will be logged:

Alert Name: WWW/CGI Attacks Protection Group
Description: Cisco Application Network Manager Default Username and Password (CVE-2009-0616)