|
COMMAND Cisco SYSTEMS AFFECTED Cisco SN 5420 Storage Routers PROBLEM Following is based on a Cisco Security Advisory. Two vulnerabilities have been discovered in Cisco SN 5420 Storage Router software release up to and including 1.1(3). One of the vulnerabilities can cause Denial-of-Service attack. The other allows unrestricted low level access to the SN 5420. The vulnerabilities are documented in Cisco Bug IDs CSCdu27529 and CSCdu27514. Cisco SN 5420 Storage Routers running software release up to and including 1.1(3) are affected by the vulnerabilities. To determine your software release, type "show system" at the command prompt. No other Cisco products are affected by these vulnerabilities. CSCdu27529 ========== You can reboot the device by rapidly establishing multiple connections to TCP port 8023. By repeatedly exploiting CSCdu27529, it is possible to prevent a user from accessing storage, thus causing Denial-of-Service attack. CSCdu27514 =========== When logging into SN 5420 using "rlogin" or when connecting to the port 8023 from the GigabitEthernet or management interface, a user can access a developer's' shell of the SN 5420. The user is not asked for a password. No other authorization is performed. This shell is used during developing for testing. Starting with software releases 1.1(4), this capability is removed from the software. When logged into a developer's shell (CSCdu27514), users can execute debug commands, start and stop processes, and interfere with the normal process execution. Users who are logged in such a manner and all commands executed by them are not logged or shown using the standard logging mechanism of the Cisco SN 5420 Storage Router. SOLUTION There is no workaround for these vulnerabilities. It is possible to mitigate them by blocking access to ports 513 and 8023 on the network edge. The vulnerabilities are fixed in the release 1.1(4) of the software, which is availabe on CCO.