Multiple Vulnerabilities in Cisco Network Building Mediator
Number: AV10-015
Date: 27 May 2010
Purpose
The purpose of this advisory is to bring attention to multiple vulnerabilities in Cisco Network Building Mediator (NBM), which, if exploited, could affect the security and integrity of critical building services such as ventilation, lighting, security and energy supply.
Assessment
Multiple vulnerabilities exist in the Cisco NBM products. These vulnerabilities also affect the legacy Richards-Zeta Mediator products.
Default credentials - Default credentials are assigned for several predefined user accounts on the device including the administrative user account. Any user with network access to the device can log in as an administrator and take complete control over the vulnerable device.
Privilege escalation - Vulnerabilities in this category enable unauthorized users to read and modify device configuration. A malicious user must authenticate as an existing user but does not need to have administrator privileges or know administrator credentials to modify device configuration. Both vulnerabilities can be exploited over either transport protocol (HTTP or HTTPS).
Unauthorized information interception - Vulnerabilities in this category reflect the fact that sessions between an operator workstation and the Cisco NBM are not protected against unauthorized interception. A malicious user able to intercept the sessions could learn any credentials used during intercepted sessions (for administrators and non-administrators), and could subsequently take full control of the device.
Unauthorized information access - A malicious user could read one of the system configuration files. Configuration files contain user account details, including passwords. Authentication is not required to read configuration files. An attacker could perform this attack over either XML RPC or XML RPC HTTPS protocol.
Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of the listed vulnerabilities are available.
Affected software:
These vulnerabilities affect the legacy Richards-Zeta Mediator 2500 product and Cisco NBM-2400 and NBM-4800 models. All Mediator Framework software releases prior to 3.1.1 are affected by all vulnerabilities listed in this security advisory.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.
These vulnerabilities were discovered during internal testing.
REFERENCES
-------------
The vendor is tracking these vulnerabilities under the following Cisco Bug IDs:
- CSCtb83495 (registered customers only) has been assigned CVE identifier CVE-2010-0595.
- CSCtb83607 (registered customers only) has been assigned CVE identifier CVE-2010-0596.
- CSCtb83618 (registered customers only) has been assigned CVE identifier CVE-2010-0597.
- CSCtb83631 (registered customers only) has been assigned CVE identifier CVE-2010-0598.
- CSCtb83505 (registered customers only) has been assigned CVE identifier CVE-2010-0599.
- CSCtb83512 (registered customers only) has been assigned CVE identifier CVE-2010-0600.
Cisco Security advisory: Multiple Vulnerabilities in Cisco Network Building Mediator
http://www.cisco.com/warp/public/707/cisco-sa-20100526-mediator.shtml
Suggested action
CCIRC recommends that departments liaise with the administrators/maintainers of the network service to identify affected products and assess the need to apply the appropriate updates and/or workarounds. Cisco has suggested workarounds for the Default credentials and Unauthorized information interception vulnerabilities. Currently, there are no workarounds for the Privilege escalation or the Unauthorized information access vulnerabilities.
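One way to carry out the identification step against an asset inventory, as an added example that is not part of the original advisory or of Cisco's tooling. The CSV column names, the model strings as recorded in the inventory, and the dotted numeric version format are assumptions, and the sample inventory is constructed.

```python
import csv
import io
import re

FIXED = (3, 1, 1)  # advisory: Mediator Framework releases prior to 3.1.1 are affected
# Affected models named in the advisory, lower-cased (inventory spelling is an assumption).
AFFECTED_MODELS = {"nbm-2400", "nbm-4800", "mediator 2500"}

def parse_version(text):
    """Return a tuple of ints for a dotted numeric version, or None if unparseable."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))  # pad so "3.1" compares as 3.1.0

def triage(inventory_csv):
    """Classify each row as 'affected', 'fixed', 'review' or 'not-applicable'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].strip().lower()
        if model not in AFFECTED_MODELS:
            results[row["host"]] = "not-applicable"
            continue
        version = parse_version(row["framework_version"])
        if version is None:
            # Unknown version on an affected model: do not assume it is patched.
            results[row["host"]] = "review"
        elif version < FIXED:  # numeric compare, so 3.0.10 sorts below 3.1.1
            results[row["host"]] = "affected"
        else:
            results[row["host"]] = "fixed"
    return results

# Constructed sample inventory (hosts and versions are made up for illustration).
SAMPLE = """host,model,framework_version
bms-east-01,NBM-2400,3.0.8
bms-east-02,NBM-4800,3.1.1
bms-west-01,Mediator 2500,2.2
bms-west-02,NBM-4800,unknown
bms-lab-01,NBM-4800,3.0.10
core-sw-01,Catalyst 3750,12.2
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {status}")
```

Hosts reported as `affected` or `review` are the ones to raise with the device administrators when assessing updates and workarounds.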
Note to Readers
The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca