COMMAND

    Cisco

SYSTEMS AFFECTED

    Cisco SN 5420 Storage Routers

PROBLEM

    Following  is   based  on   a  Cisco   Security  Advisory.     Two
    vulnerabilities  have  been  discovered  in  Cisco SN 5420 Storage
    Router software release  up to and  including 1.1(3).   One of the
    vulnerabilities  can  cause  Denial-of-Service  attack.  The other
    allows unrestricted low level access to the SN 5420.

    The vulnerabilities are documented in Cisco Bug IDs CSCdu27529 and
    CSCdu27514.   Cisco  SN  5420  Storage  Routers  running  software
    release  up  to   and  including  1.1(3)   are  affected  by   the
    vulnerabilities.  To determine  your software release, type  "show
    system"  at  the  command  prompt.   No  other  Cisco products are
    affected by these vulnerabilities.

    CSCdu27529
    ==========
    You  can  reboot  the  device  by  rapidly  establishing  multiple
    connections  to   TCP  port   8023.    By  repeatedly   exploiting
    CSCdu27529,  it  is  possible  to  prevent  a  user from accessing
    storage, thus causing Denial-of-Service attack.


    CSCdu27514
    ===========
    When logging into SN 5420 using "rlogin" or when connecting to the
    port 8023 from the GigabitEthernet or management interface, a user
    can access a developer's' shell of  the SN 5420.  The user  is not
    asked for a password.  No other authorization is performed.   This
    shell is used during developing for testing.

    Starting  with  software  releases  1.1(4),  this  capability   is
    removed from the software.

    When  logged  into  a  developer's  shell  (CSCdu27514), users can
    execute debug  commands, start  and stop  processes, and interfere
    with the normal process execution.   Users who are logged in  such
    a  manner  and  all  commands  executed  by them are not logged or
    shown using the  standard logging mechanism  of the Cisco  SN 5420
    Storage Router.

SOLUTION

    There is no workaround for these vulnerabilities.  It is  possible
    to mitigate them by blocking access  to ports 513 and 8023 on  the
    network edge.

    The  vulnerabilities  are  fixed  in  the  release  1.1(4)  of the
    software, which is availabe on CCO.