Web Server Directory Traversal Vulnerability in Cisco CDS

The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside of the web server document directory, by using a specially crafted URL.

An unauthenticated attacker may be able to exploit this issue to access sensitive information, including the password files and system logs, which could be leveraged to launch subsequent attacks.

All versions of the Cisco Internet Streamer application system software prior to the first fixed release are vulnerable. Cisco has released free software updates that address this vulnerability, and workarounds that mitigate it are available.

This vulnerability can be exploited over all open HTTP ports: TCP ports 80 (default HTTP port), 443 (default HTTPS port) and 8090 (alternate HTTP and HTTPS port), as well as any ports configured as part of the HTTP proxy.

As an interim step prior to upgrading the Cisco Content Delivery System software, it is possible to deny access to sensitive directories via service rules. The following example blocks requests that try to move up a directory level. It also covers other directory moves, such as “\.\./”, “.\./” or “\../”:

rule enable
rule action block pattern-list 1
rule pattern-list 1 url-regex ^http://.*/../.*
rule pattern-list 1 url-regex ^https://.*/../.*
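As an added example (mine, not part of the Cisco advisory or this post), the Python below compares the service rule above, read as an ordinary regular expression in which an unescaped dot matches any character, with a normalising check that decodes the request path and counts how far its ".." segments climb. Run over a few constructed log lines, it shows the rule also firing on a harmless two-character directory name and on ".." that stays inside the document root, while the normalising check flags only paths that actually leave it; host names, the log layout and the backslash handling are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# The two url-regex patterns from the service rule, read here as ordinary regular
# expressions: the dots are unescaped, so "/../" matches any two characters between slashes.
RULE_PATTERNS = [re.compile(r"^http://.*/../.*"), re.compile(r"^https://.*/../.*")]

def rule_matches(url: str) -> bool:
    """True if either service-rule pattern, taken as a plain regex, matches the URL."""
    return any(p.match(url) for p in RULE_PATTERNS)

def escapes_docroot(url: str, max_decode: int = 2) -> bool:
    """True if the path climbs above the document root after decoding and resolving '..'."""
    path = urlsplit(url).path
    for _ in range(max_decode):  # bounded decoding: judge what the server would actually open
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")  # assumption: backslash is also treated as a separator
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        depth += -1 if segment == ".." else 1
        if depth < 0:  # more ".." than directories entered: outside the docroot
            return True
    return False

# Constructed access-log lines in a minimal "client method url status" layout.
SAMPLE_LOG = """\
10.0.0.5 GET http://cds.example.test/index.html 200
10.0.0.7 GET http://cds.example.test/ab/index.html 200
10.0.0.9 GET http://cds.example.test/../../conf/example.cfg 200
10.0.0.9 GET http://cds.example.test/%2e%2e/%2e%2e/conf/example.cfg 200
10.0.0.11 GET http://cds.example.test/docs/../index.html 200
"""

def flag_traversal(log_text: str) -> list:
    """Return (url, rule_hit, real_escape) for each request flagged by either check."""
    findings = []
    for line in log_text.splitlines():
        _client, _method, url, _status = line.split()
        hit, escape = rule_matches(url), escapes_docroot(url)
        if hit or escape:
            findings.append((url, hit, escape))
    return findings
```

Calling `flag_traversal(SAMPLE_LOG)` returns four findings; only two of them are real escapes from the document root, and one of those is not caught by the rule as written.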

If you are affected by this issue, or just want to read more, see the Cisco advisory at http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml.

Cisco Network Magic – funny marketing video

Not too much to say about this one. We all know that Cisco invests a lot in its image on the market, and sometimes we are disappointed that what marketing shows differs from the final product, but the following video is worth every penny. At least it is funny and can bring a smile to a network engineer's face.

Enjoy!


Cisco IOS: single user access in CLI configuration terminal


Usually big companies with large networks have a dedicated department that deals with all the network configuration. The problem I have in mind arises when this department is split over large geographical areas (e.g. some colleagues in Europe, some in Asia and some in America): it may happen that more than one colleague is working on the same device at the same time.

This can cause overlapping configuration or other problems, because more than one configuration change is applied at the same time and the changes conflict.

There is a simple way to avoid this problem: enable the single-user (exclusive) access feature of the Cisco IOS command-line interface (CLI). Configuring this feature is very simple:

1. enable

2. configure terminal

3. configuration mode exclusive {auto | manual}

4. end

As you can see, exclusive mode has two options, auto or manual:

  • The auto keyword automatically locks the configuration session whenever the configure terminal command is used. This is the default.
  • The manual keyword allows you to choose to lock the configuration session manually or leave it unlocked.

I would recommend using the default auto mode, but if for some reason you need manual mode, then you need to perform some additional tasks:

1. enable

2. configure terminal lock

3. Configure the system by entering your changes to the running configuration.

4. end

The manual method allows you to lock configuration mode only when you really need it locked. By comparison, the auto mode locks the configuration all the time, so it is considered safer.

When you are in exclusive configuration mode (whether auto or manual) and configuring something through the CLI, and another user connected to that device issues the configure terminal command, that user sees the following message:

Configuration mode locked exclusively by user 'unknown' process '88' from terminal '0'. Please try later.
Rollback confirmed change timer is cancelled due to configuration lock error.

This is just an example; in your case the user, process or terminal may differ. The message is useful because the second user trying to configure the device knows what is going on and is not left in the fog without any clue.

Cisco Cius

It seems to me that Cisco wants to compete with Apple on the touch screen device market. The Cisco Cius product confirms this.

OK, skipping the funny part of this story, I honestly believe that Cisco is making an effort to take the (still) open part of the tablet market that is not very developed at the moment, and by this I mean touch screen devices for professional use.

While companies like Apple focus their efforts on developing home-friendly devices, Cisco wants to apply the same recipe for success to the business sector. The launch of the iPad was enough to make Cisco think that Apple's platform could be adapted for business use, and with this idea in mind they developed the Cius.

The Cius will sport a 7-inch screen, making it smaller and lighter than the iPad. Some highlights of the Cius technology are:

  • 802.11a/b/g/n Wi-Fi, 3G/4G data and Bluetooth 3.0 help employees stay connected on and off-campus
  • HD video (720p) with Cisco TelePresence solution interoperability for lifelike video communication with the simplicity of a phone call
  • Virtual desktop client enables highly secure access to cloud-based business applications
  • Android operating system, with access to Android marketplace applications
  • Collaboration applications including Cisco Quad, Cisco Show and Share, WebEx, Presence, and IM
  • HD Soundstation supports Bluetooth and USB peripherals, 10/100/1000 wired connectivity and a handset option
  • Detachable and serviceable 8-hour battery for a full day of work
  • Highly secure remote connections with Cisco AnyConnect Security VPN Client
  • HD audio with wideband support (tablet, HD Soundstation)

Cisco is also negotiating with six phone companies around the world to procure their services for the Cius. The tablet device from Cisco will be able to connect to Wi-Fi hot spots and cellular broadband networks.

The Cius is expected to sell for less than $1,000, and if Cisco manages to make a dent in iPad sales by attracting customers, then I am sure that other companies will jump on this "train" and develop similar products.

Below you can enjoy two videos of the Cisco Cius product. One is designed for marketing purposes, but the second one has an interesting "hands on" demo.

New benefits for Cisco 360 Learning Program

Today I’ve received an e-mail with the following content:

Dear Cisco Certified Colleague,

CCIE certifications are as popular as ever. A recent publication has listed both the CCIE and the CCIE Voice certifications in their top 10 IT networking list* and has cited both as highly sought-after by employers. If that’s not enough motivation to keep moving up the certification ladder, the Global Knowledge 2010 IT Skills and Salary Survey identifies the CCIE credential as the highest paid networking certification!

The Cisco 360 Learning Program can help you obtain the knowledge and skills you need to pass the rigorous CCIE certification lab exam. As the only Cisco developed and approved CCIE training program available, the blended learning curriculum contains over 350 hours of practical, hands-on lab configurations that have been proven to accelerate development.

Now, Cisco has enhanced its expert-level training program to offer additional value and training assurance to help you work your way towards a Cisco CCIE® certification. Beginning June 22, 2010, you will be given more time to practice expert-level skills using the Cisco 360 Learning Program components. The subscription period for all components that are accessed through LMS will be extended from 12 months to 18 months.

  • The extension applies to Preassessment Lab, Self-Paced Lessons (also downloadable), Performance Assessments, Practice Workbook, and the Reference Library.
  • The extension will be automatically made in the LMS for all current subscriptions.

The following benefits** will also be available to qualified Cisco 360 Learning Program students:

Benefits, with the qualifications to be met by June 30, 2011:

Benefit: Free graded Preassessment Lab (value of $289 USD)
Qualification: When you purchase at least one instructor-led workshop for CCIE Routing and Switching or CCIE Voice, the Preassessment Lab will be made available for free through your Cisco 360 Learning Management System (LMS) account.

Benefit: Priority scheduling of CCIE Mobile Lab Event
Qualification: When you purchase and complete at least one instructor-led workshop for CCIE Routing and Switching or CCIE Voice and all classroom assessments, then contact your Cisco Learning Partner for scheduling assistance.

Benefit: Cisco Lab Safe: Free retake on CCIE Lab Exam, which is valid for 18 months from the day it is issued (value of $1400 USD)
Qualification: You must complete at least one of the following two qualifications:

  • Previous Promotion Extended: Purchase and complete either the Essentials or Preferred bundle for CCIE Routing and Switching and complete the four Lab Readiness Assessments (CIERS03, CIERS04, CIERS10, and CIERS11), earning a score of 80 or better on at least one assessment.
  • New Promotion: Purchase and complete at least one instructor-led workshop for CCIE Routing and Switching or CCIE Voice, including all classroom assessments. (No additional assessments need be purchased and no minimum score is required).

In both scenarios, you must first make one paid attempt at the lab, and then contact your Learning Partner to request a free voucher code from Cisco by December 31, 2011. The free retake is limited to one per track.

It seems that Cisco is trying to attract a larger audience to its program. The benefits are great, what can I say, but at the same time a change in the pricing would also be welcome.