Cisco Systems today announced the availability of free software to fix vulnerabilities in several security software products that run on the company's appliances, routers and switches. The vulnerabilities could allow a malicious user to bypass security and gain unauthorized access to the devices or escalate their privileges in order to sniff traffic, launch denial-of-service attacks or perform network reconnaissance.
The vulnerabilities affect versions 5.0(1) and 5.0(3) of the software for the Cisco Guard and Cisco Traffic Anomaly Detector appliances, as well as the Anomaly Guard Module and Traffic Anomaly Detector Module for the Cisco Catalyst 6500 switches and Cisco 7600 routers. The vulnerability only exists where the devices are incorrectly configured to use TACACS+ authentication.
The Cisco Guard and Cisco Traffic Anomaly Detector appliances, and the Anomaly Guard Module and Traffic Anomaly Detector Module for the Cisco Catalyst 6500 switches and Cisco 7600 routers detect potential distributed denial-of-service attacks and divert the attack traffic without affecting legitimate network traffic. TACACS+ (Terminal Access Controller Access Control System) is a protocol used to authenticate users attempting to gain access to network devices. TACACS+ authentication is disabled by default. A correct TACACS+ configuration uses the "tacacs-server host" command to specify the external TACACS+ server. If TACACS+ authentication is specified but this command is missing, the user can bypass authentication.
If TACACS+ authentication is not specified, or it is specified and the necessary "tacacs-server host" command is present, the system is not vulnerable. Also, versions of the Cisco Guard and Cisco Traffic Anomaly Detector software before 5.0, or at 5.1 or above, are not vulnerable.
Users can mitigate this vulnerability by using the necessary "tacacs-server host" command. This vulnerability is fixed in the 5.1 series of the Cisco Guard and Cisco Traffic Anomaly Detector software, which begins with version 5.1(4). Users of the vulnerable software can obtain fixes from Cisco.
Edmund X. DeJesus (email@example.com) is a freelance writer in Norwood, Mass.