Signature Detail

HTTP: Cisco MARS JMX

This signature detects attempts to exploit a known vulnerability against Cisco MARS Jmx engine. A successful attack can lead to arbitrary code execution.

Extended Description

Cisco Security Monitoring, Analysis and Response System (CS-MARS) is prone to multiple vulnerabilities, including privilege-escalation, arbitrary command-execution, and information-disclosure issues. An attacker could exploit these issues to retrieve potentially sensitive information and possibly execute arbitrary commands with superuser privileges. This may facilitate a remote compromise of affected computers. Cisco has released version 4.2.1 to address these issues; prior versions are reported vulnerable. This BID has been separated into the following individual records and is therefore being retired: BID 19073 (Cisco Security Monitoring Analysis and Response System Information Disclosure Vulnerabilities) BID 19075 (Cisco Security Monitoring Analysis and Response System Arbitrary Command Execution Vulnerability) BID 19077 (Cisco Security Monitoring Analysis and Response System Multiple Privilege Escalation Vulnerabilities)

Affected Products

• Cisco CS-MARS 4.1.0
• Cisco CS-MARS 4.1.2
• Cisco CS-MARS 4.1.3
• Cisco CS-MARS 4.1.5

References

• BugTraq: 19071
• CVE: CVE-2006-3733
• URL: http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml