Cisco Voice VLAN 802.1x Authentication Bypass Vulnerability
2008-04-10 03:03:18 Source: Internet
Published: 2005-06-13
Updated: 2005-06-13
Affected systems:
Cisco Catalyst WS-C2924M-XL
Cisco Catalyst Sup3
Cisco Catalyst Sup2plus
Cisco Catalyst 8540MSR
Cisco Catalyst 8540CSR
Cisco Catalyst 8510MSR
Cisco Catalyst 8510CSR
Cisco Catalyst 8500
Cisco Catalyst 7600
Cisco Catalyst 6624
Cisco Catalyst 6608
Cisco Catalyst 6509
Cisco Catalyst 6500
Cisco Catalyst 6000
Cisco Catalyst 5xxx supervisor software
Cisco Catalyst 5000
Cisco Catalyst 4948
Cisco Catalyst 4912G
Cisco Catalyst 4908G-13
Cisco Catalyst 4840G
Cisco Catalyst 4800
Cisco Catalyst 4510R
Cisco Catalyst 4507R
Cisco Catalyst 4506
Cisco Catalyst 4503
Cisco Catalyst 4500
Cisco Catalyst 4232-13
Cisco Catalyst 4232
Cisco Catalyst 4224 Access Gateway Switch
Cisco Catalyst 4000
Cisco Catalyst 4.5 (10)
Cisco Catalyst 3920 3.0 (7)
Cisco Catalyst 3900
Cisco Catalyst 3750
Cisco Catalyst 3560
Cisco Catalyst 3550
Cisco Catalyst 3500 XL
Cisco Catalyst 3500
Cisco Catalyst 3200
Cisco Catalyst 3000
Cisco Catalyst 29xx supervisor software
Cisco Catalyst 2980G-A
Cisco Catalyst 2980G
Cisco Catalyst 2970
Cisco Catalyst 2955
Cisco Catalyst 2950 LRE
Cisco Catalyst 2950
Cisco Catalyst 2948G-GE-TX
Cisco Catalyst 2948G-13
Cisco Catalyst 2948G
Cisco Catalyst 2948
Cisco Catalyst 2940
Cisco Catalyst 2926T
Cisco Catalyst 2926GS
Cisco Catalyst 2926GL
Cisco Catalyst 2926F
Cisco Catalyst 2926
Cisco Catalyst 2920
Cisco Catalyst 2902
Cisco Catalyst 2901
Cisco Catalyst 2900
Cisco Catalyst 2820
Cisco Catalyst 2800
Cisco Catalyst 1900
Cisco Catalyst 12xx supervisor software 4.30
Cisco Catalyst 12xx supervisor software 4.29
Cisco Catalyst 1200
Cisco CatOS 8.3
Cisco CatOS 8.2
Cisco CatOS 8.1
Cisco CatOS 7.6
Cisco CatOS 7.5
Cisco CatOS 7.4
Cisco CatOS 7.3
Cisco CatOS 7.2
Cisco CatOS 7.1
Cisco CatOS 6.4
Cisco CatOS 6.3
Cisco CatOS 6.2
Cisco CatOS 6.1
Cisco CatOS 5.6
Cisco CatOS 5.5
Cisco CatOS 5.4
Cisco CatOS 5.3
Cisco CatOS 5.2
Cisco CatOS 5.1
Cisco CatOS 4.5
Cisco CatOS 4.4
Cisco CatOS 4.3
Cisco CatOS 4.2
Cisco CatOS 4.1
Cisco CatOS 3.2
Cisco CatOS 3.1
Cisco CatOS 3.0
Cisco CatOS 2.4
Cisco CatOS 2.3
Cisco CatOS 2.2
Cisco CatOS 2.1
Cisco CatOS 12.1
Cisco CatOS 12.0
Cisco CatOS 11.2
Cisco Call Manager 4.0
Cisco Call Manager 3.3
Cisco Call Manager 3.2
Cisco Call Manager 3.1
Cisco Call Manager 3.0
Cisco Call Manager 2.0
Cisco Call Manager 1.0
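Description:
BUGTRAQ ID: 13902
IEEE 802.1X is a standard for authenticating network clients (or ports) based on user ID or device.
Cisco switches contain an authentication bypass vulnerability that allows an attacker to access the voice VLAN anonymously.
An attacker can spoof CDP messages to impersonate a Cisco IP phone and join the voice VLAN anonymously. This may allow the attacker to access network resources without the expected 802.1x authentication. Because network administrators may assume that switch port access is limited to authenticated users, this can lead to a false sense of security.
Once an attacker has gained access to the voice VLAN, they can launch further attacks against servers or hosts, or eavesdrop on VoIP sessions.
<*Source: FishNet Security (csirt@fishnetsecurity.com)
Link: http://www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml
*>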
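Recommendation:
Workaround:
If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat:
* Users running newer Cisco Catalyst software versions can use features such as DHCP Snooping and Port Security, Dynamic ARP Inspection (DAI) and IP Source Guard to defend against attacks.
In addition, users running newer versions of Cisco CallManager can use the features provided by Cisco IP Phones and CallManager to defend against Layer 2 and Layer 3 network attacks.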
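An added example (not part of the original advisory and not Cisco tooling): a Python check that reads an IOS-style running-config and lists, for each port with a voice VLAN, which of the features named in the workaround (Port Security, IP Source Guard, DHCP Snooping, DAI) are not configured. The sample config and function names are constructed for illustration, and the command spellings assume Cisco IOS syntax rather than CatOS.

```python
import re

# Constructed IOS-style running-config excerpt (sample input, not from the advisory).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,110
ip arp inspection vlan 10
interface FastEthernet0/1
 switchport access vlan 10
 switchport voice vlan 110
interface FastEthernet0/2
 switchport access vlan 10
 switchport voice vlan 110
 switchport port-security
 ip verify source
interface FastEthernet0/3
 switchport access vlan 10
"""

def vlan_set(spec):
    """Expand an IOS VLAN list such as '10,100-102' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_voice_ports(config):
    """Map each voice-VLAN port to the workaround features it lacks."""
    # Global 'ip dhcp snooping' is also required; only per-VLAN lines are checked here.
    enabled = {"dhcp snooping": set(), "arp inspection": set()}
    ports, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"ip (dhcp snooping|arp inspection) vlan (\S+)", line):
            enabled[m.group(1)] |= vlan_set(m.group(2))
        elif m := re.match(r"interface (\S+)", line):
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())  # indented line belongs to the interface
    findings = {}
    for name, cmds in ports.items():
        voice = [int(m.group(1)) for c in cmds if (m := re.fullmatch(r"switchport voice vlan (\d+)", c))]
        if not voice:
            continue  # no numbered voice VLAN on this port, out of scope
        missing = [f for f in ("switchport port-security", "ip verify source") if f not in cmds]
        missing += [f"ip {k} vlan {voice[0]}" for k, v in enabled.items() if voice[0] not in v]
        findings[name] = missing
    return findings
```

Calling `audit_voice_ports(SAMPLE_CONFIG)` returns a dictionary keyed by interface name; an empty list for a port means all four features were found for its voice VLAN.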
Vendor patch:
Cisco
-----
The vendor has released an upgrade patch to fix this security issue; see cisco-sn-20050608-8021x:
http://www.cisco.com/warp/public/707/advisory.html