Vulnerability Note VU#353945

Secure Elements Class 5 AVR client generates predictable CEIDs

Overview

The Secure Elements Class 5 AVR client generates predictable CEIDs. This may allow an attacker to guess the unique identifier of a protected asset.

I. Description

Class 5 AVR

Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a security product that monitors and enforces security policies on network assets. Class 5 AVR is now known as C5 EVM (Enterprise Vulnerability Management). The Class 5 AVR software includes both server and client components.

Class 5 AVR client

The Class 5 AVR client listens on 60000/udp and an additional tcp port. This client receives commands sent by the Class 5 AVR server.

Class 5 AVR server

The Class 5 AVR server is available as an appliance or as software that runs on commodity hardware. The Class 5 AVR server contains information about network assets, vulnerabilities, and remediation history.

The problem

The Class 5 AVR client is identified by a property called the CEID. This identifier is predictable.

II. Impact

An attacker may be able to leverage the knowledge of a client's CEID to aid in the completion of other attacks on Class 5 AVR.

III. Solution

Upgrade or patch

This issue has been resolved in C5 EVM 2.8.1.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Secure Elements	Vulnerable	24-May-2006

References

http://www.secure-elements.com/products/index.htm

Credit

Thanks to the NOAA N-CIRT Lab for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public:	2006-05-30
Date First Published:	2006-05-30
Date Last Updated:	2006-06-06
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	0.08
Document Revision:	12

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader