Bugtraqmailing list archives
Cisco Security Advisory: ATA-186 Password Disclosure Vulnerability
From: Cisco Systems Product Security Incident Response Team <psirt () cisco com>
Date: Thu, 23 May 2002 16:25:00 -0400
-----BEGIN PGP SIGNED MESSAGE-----Cisco Security Advisory: ATA-186 Password Disclosure VulnerabilityRevision 1.0: INTERIMFor Public Release 2002 May 23 16:00 GMT- -------------------------------------------------------------------------------Contents======== Summary Affected Products Details Impact Software Versions and Fixes Obtaining Fixed Software Workarounds Exploitation and Public Announcements Status of This Notice Distribution Revision History Cisco Security Procedures- -------------------------------------------------------------------------------Summary=======The Cisco ATA 186 Analog Telephone Adaptor is a handset-to-Ethernet adaptorthat interfaces regular analog telephones with IP-based telephony networks. Theadaptor turns traditional telephones into IP telephones.The ATA-186 is provided with a web-based configuration interface whoseauthentication is trivially circumvented. Using a crafted HTTP POST request theconfiguration of the device will be returned to the browser revealingconfiguration information such as passwords.This notice will be posted athttp://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml.Affected Products=================The affected product is the Cisco ATA-186 analog telephone adapter. Allreleases before build 020514a are affected.No other Cisco product is currently known to be affected by this vulnerability.Details=======CSCdx54579 A simple crafted HTTP POST request may cause the ATA-186 to display its configuration screen. Since the device does not hash its password, the actual password can be gleaned from this screen. The device can also be reconfigured in this way by constructing an HTTP POST with the appropriate parameters.Impact======By exploiting this vulnerability an attacker can compromise the integrity ofthe ATA-186.Software Versions and Fixes===========================+---------------------------------------------------------------------------+| Version Affected | Fixed Regular Release (available now) || | Fix carries forward into all later versions ||------------------------+--------------------------------------------------|| Prior to build 020514a | ata186-v2-14-020514a-2.zip (H.323/SIP image) || | ata186-v2-14-ms-020514a-2.zip (SCCP/MGCP image) |+---------------------------------------------------------------------------+Obtaining Fixed Software========================Cisco is offering free software upgrades to address this vulnerability for allaffected customers. Customers may only install and expect support for thefeature sets they have purchased.Customers with service contracts should contact their regular update channelsto obtain any software release containing the feature sets they have purchased.For most customers with service contracts, this means that upgrades should beobtained through the Software Center on Cisco's Worldwide Web site athttp://www.cisco.com/.Customers whose Cisco products are provided or maintained through a prior orexisting agreement with third-party support organizations such as CiscoPartners, authorized resellers, or service providers should contact thatsupport organization for assistance with obtaining the free software upgrade(s).Customers who purchased directly from Cisco but who do not hold a Cisco servicecontract, and customers who purchase through third party vendors but areunsuccessful at obtaining fixed software through their point of sale, shouldobtain fixed software by contacting the Cisco Technical Assistance Center (TAC)using the contact information listed below. In these cases, customers areentitled to obtain an upgrade to a later version of the same release or asindicated by the applicable row in the Software Versions and Fixes table (notedabove).Cisco TAC contacts are as follows: * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac () cisco comSeehttp://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additionalTAC contact information, including special localized telephone numbers andinstructions and e-mail addresses for use in various languages.Please have your product serial number available and give the URL of thisnotice as evidence of your entitlement to a free upgrade.Please do not contact either "psirt () cisco com" or "security-alert () cisco com"for software upgrades.Workarounds===========There is no known workaround. A software upgrade is necessary.Exploitation and Public Announcements=====================================This vulnerability was announced on the BUGTRAQ mailing list on 2002-05-09 (http://online.securityfocus.com/archive/1/271973) with sufficient informationthat anyone could exercise the flaw.The Cisco PSIRT has received no reports of malicious exploitation of thisvulnerability.Status of This Notice: INTERIM==============================This is an interim notice. Although Cisco cannot guarantee the accuracy of allstatements in this notice, all of the facts have been checked to the best ofour ability. Cisco does not anticipate issuing updated versions of this noticeunless there is some material change in the facts. Should there be asignificant change in the facts, Cisco may update this notice.Distribution============This notice will be posted on Cisco's Worldwide Web site athttp://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml. In addition to Worldwide Web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients: * cust-security-announce () cisco com * bugtraq () securityfocus com * first-teams () first org (includes CERT/CC) * cisco () spot colorado edu * cisco-nsp () puck nether net * comp.dcom.sys.cisco * firewalls () lists gnac com * Various internal Cisco mailing listsFuture updates of this notice, if any, will be placed on Cisco's Worldwide Webserver, but may or may not be actively announced on mailing lists ornewsgroups. Users concerned about this problem are encouraged to check the URLgiven above for any updates.Revision History================+-------------------------------------------------------------------------+|Revision |2002-May-23|Initial Public Release ||1.0 |16:00 GMT | |+-------------------------------------------------------------------------+Cisco Security Procedures=========================Complete information on reporting security vulnerabilities in Cisco products,obtaining assistance with security incidents, and registering to receivesecurity information from Cisco, is available on Cisco's Worldwide Web site athttp://www.cisco.com/warp/public/707/sec_incident_response.shtml. This includesinstructions for press inquiries regarding Cisco security notices. All CiscoSecurity Advisories are available athttp://www.cisco.com/go/psirt/.- -------------------------------------------------------------------------------This notice is Copyright 2002 by Cisco Systems, Inc. This notice may beredistributed freely after the release date given at the top of the text,provided that redistributed copies are complete and unmodified, and include alldate and version information.- ------------------------------------------------------------------------------------BEGIN PGP SIGNATURE-----Version: PGP 6.5.2iQEVAwUBPO0JLg/VLJ+budTTAQEr7wf/d3cQOIaXbbn39W2PCQOqyL7nyUWdMPUiq4prEfiV4siVYFJTCLQjjj5SMlCL0BH4cahkWDIXO+fXtdeWKlBb4EtW1jX58LxcBXrsJHzsk1sdQNV1zLrwlMXFlH3lOlyko1pyHDbbJmLmTveD+fnrpGvEbORcLTLd4lbWEdoxKZROsFAXEBqgxVjiZ1CbNFH/zLuq1axOY0Lh/xDMPw2TmbNM0fTmhHbsvudLL8uRRE+hyyW7dv2rKoENWaK6JuWW3TMIP7UAvqF9vSZsk8711gBaiPOxwONOvid5qbecFvn3tnVOeFk0BuOAmgLWysiRR7WxDwyx+TpnM+BHXItNqg===QYZw-----END PGP SIGNATURE-----
Current thread:
- Cisco Security Advisory: ATA-186 Password Disclosure VulnerabilityCisco Systems Product Security Incident Response Team (May 23)