Two of the three vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS) prior to version 4.2.1 relate to third-party software used in conjunction with the appliance, according to an advisory.
CS-MARS uses an Oracle database to store confidential network event and configuration data. However, the database contains numerous default Oracle accounts, containing well-known passwords, which could be accessed to obtain sensitive information.
In addition, the JBoss web application server, which ships with CS-MARS, contains a bug that allows unauthenticated, remote attackers to heighten privileges and execute arbitrary shell commands.
A third vulnerability exists in the appliance's command line interface (CLI), used to perform administrative functions. The bug could allow administrators the ability to execute arbitrary shell commands with root privileges.
CS-MARS users are urged to install the latest software from the Cisco website, according to an advisory. There are no workarounds.