Required Help on confirm if ACS 5.8 affected on CVE-2004-0230

Freemen · ‎04-04-2016

Hi all,

I have a ACS 5.8 newly deploy, client using Nexpose from Rapid7 to scan for vulnerability and found out that TCP Sequence Number Approximation Vulnerability (tcp-seq-num-approximation) is one of the vulnerability

however after checking on the Cisco web, no found that the ACS is on the list with any workaround or indicate ACS is actually also not been fix.

anyone can verify ?

https://tools.cisco.com/security/center/viewAlert.x?alertId=7569

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-nonios

Dinesh Moudgil · ‎04-04-2016

As per the above advisories, any ACS OS running on CiscoSecure ACS for Windows and Unix, and CiscoSecure ACS 1111 Appliance is affected.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Freemen · ‎04-04-2016

Hi Dinesh,

I forgot to highlight that the ACS appliance is 3415 UCS server.

this is weird part, the last update is 2014, and the tool still detected this

Aditya Ganjoo · ‎04-04-2016

Hi Chan,

The vulnerability applies to 5.x ACS. It was considered to be non-critical and it is not been addressed. There was bug filed and it was closed.

This vulnerability is the CVE-2004-0230.

It looks like this is a medium vulnerability which has been checked by the PSIRT team and considered non-critical.

Here are some good links to justify the above:

https://access.redhat.com/security/cve/CVE-2004-0230

http://lwn.net/Articles/81560/

http://www.iss.net/security_center/reference/vuln/tcp-rst-dos.htm

So I think this should not be a problem , probably it is a false-positive match.

Regards,

Aditya

Please rate helpful posts and mark correct answers.