ICSA-10-147-01
·
Published 2025-06-05
Cisco Network Building Mediator
CVSS 10.0
CRITICAL
Remediations
- Cisco has provided information on vulnerability workarounds.
- They have also released free software updates that address these vulnerabilities (Cisco, http://www.cisco.com/warp/public/707/cisco-sa-20100526-mediator.shtml, website last visited May 27, 2010).
- Default Credentials: Administrator's credentials can be changed using the procedure described in the Cisco Network Building Mediator User Guide (Cisco, http://www.cisco.com/en/US/docs/security/physical_security/cnbm/3.x/User/Guide/Mediator_User_Guide.pdf, website last visited May 27, 2010). Details of the procedure are given in section 2-10, Recovering the Cisco Network Building Mediator Password.
- Privilege Escalation: There are no workarounds for these vulnerabilities.
- Unauthorized Information Interception: The following workaround is applicable only to the vulnerability related to the HTTP protocol. There is no workaround for the vulnerability that affects the XML RPC service.
- The workaround for this vulnerability is to disable HTTP service and use HTTPS instead. The HTTPS service is enabled and running by default and no further actions are needed to enable it. The HTTP service can be disabled with configTOOL. The configTOOL is the software running on the operator workstation and is used to configure the Multi-Protocol Exchange of the Cisco Network Building Mediator.
- After applying this workaround to software releases 1.5.1 and 2.2, configTOOL version 3.1.0b1 is required to continue configuring Cisco Network Building Mediator via configTOOL.
- To start configTOOL, double-click the Cisco Network Building Mediator configTOOL shortcut icon on the desktop, or choose Start > All Programs > Network Building Mediator configTOOL. Connect to a Cisco Network Building Mediator using the procedure described in the Cisco Network Building Mediator User Guide (Cisco, http://www.cisco.com/en/US/docs/security/physical_security/cnbm/3.x/User/Guide/Mediator_User_Guide.pdf, website last visited May 27, 2010), section 3-2, Connecting to the Cisco Network Building Mediator Using configTOOL. Inside the Node tree pane, expand the services tab, and then expand the network tab. Click the http_server tab, and then click Enabled to uncheck it.
- Unauthorized Information Access: There is no workaround for this vulnerability.
- Limiting Access Using IP Tables: The following protection measure can reduce risk from unauthorized access to the Cisco Network Building Mediator and minimize the risks associated with the vulnerabilities described in this advisory. This mitigation is not effective against the unauthorized information interception vulnerabilities, because exploitation of these vulnerabilities does not depend on accessing the device itself, but on intercepting the session between an operator console and the Cisco Network Building Mediator.
- Administrators are advised to be selective when choosing the devices that are allowed to establish connections to the Cisco Network Building Mediator. The following rules will allow only legitimate operator console(s) to establish sessions to the Cisco Network Building Mediator. To execute the following commands you must have administrator privileges on the Cisco Network Building Mediator. In the following examples, it is assumed that the operator console has IP address 192.0.2.1. The 192.0.2.1 address must be changed to match the IP address used by the designated operator console.
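
The sketch below is an added example of the allowlist approach described above; it is not the rule set from the Cisco advisory. The function names are hypothetical, and TCP port 443 (HTTPS) is an assumption, since this page does not list the ports the Mediator's services use. It prints the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example: build (but do not apply) an iptables allowlist that lets only
# the designated operator consoles reach the Mediator's management ports.

# is_ipv4 ADDR: succeed only for a dotted-quad address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$extra" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# mediator_allowlist "PORTS" CONSOLE_IP...: print rules that accept each
# console on each TCP port, then drop every other source on that port.
mediator_allowlist() {
    ports=$1
    shift
    [ "$#" -ge 1 ] || { echo "no operator console given" >&2; return 1; }
    for ip in "$@"; do
        # Refuse to emit any rule if one address is malformed, so a typo
        # cannot produce a partial rule set.
        is_ipv4 "$ip" || { echo "invalid console address: $ip" >&2; return 1; }
    done
    for port in $ports; do
        for ip in "$@"; do
            echo "iptables -A INPUT -p tcp -s $ip --dport $port -j ACCEPT"
        done
        # The DROP rule must follow every ACCEPT rule for the same port.
        echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

# Constructed input: 192.0.2.1 is the advisory's example console address;
# port 443 is an assumed management port, not taken from the page.
mediator_allowlist "443" 192.0.2.1
```

Review the printed rules before running them with administrator privileges on the Mediator, and confirm the console address first: once the DROP rule is active, any other host is locked out of that port.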
Affected Vendors
Cisco
Affected Products (3)
- Cisco · Cisco Network Building Mediator NBM-2400 · <3.1.1
- Cisco · Cisco Network Building Mediator NBM-4800 · <3.1.1
- Cisco · Richards-Zeta Mediator 2500 · vers:all/*