Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)

Wednesday, 19 July 2006

Cisco Security Monitoring, Analysis and Response System (CS-MARS) software contains vulnerabilities related to third-party software and the command line interface (CLI).

- CS-MARS ships with an Oracle database. The database contains several default Oracle accounts which have well-known passwords. If access to the database is obtained, the default accounts may be used to access sensitive information contained in the database.
- CS-MARS ships with the JBoss web application server. A component of the JBoss installation may allow a remote, unauthenticated user to execute arbitrary shell commands with the privileges of the CS-MARS administrator.
- The CS-MARS CLI contains several vulnerabilities which may allow authenticated administrators to execute arbitrary shell commands with root privileges.
