ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities
Tags: RSA NetWitness Platform, Security Advisories
Advisory Type
Security
Advisory Content
EMC Identifier: ESA-2013-080
CVE Identifier: CVE-2013-6180
Severity Rating: CVSS v2 Base Score: See below for individual scores
Affected Products:
RSA Security Analytics 10.x
RSA NetWitness NextGen 9.8
Unaffected Products:
RSA Security Analytics 10.3
Summary:
RSA, The Security Division of EMC, announces security fixes to address multiple vulnerabilities in RSA Security Analytics.
Details:
RSA Security Analytics 10.3 contains resolutions and updates to the following issues:
1) RSA Security Analytics Untrusted User Agent Access Vulnerability (CVE-2013-6180)
CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
RSA Security Analytics allows user agents other than the SA REST UI to connect directly to SA Core. An untrusted user agent such as a web browser could therefore be used to conduct web application attacks against SA Core.
RSA Security Analytics 10.3 introduces a security configuration setting to block access from potentially untrusted user agents and only allow direct access from the SA REST UI. See release notes for more details.
For RSA NetWitness NextGen 9.8 customers, RSA suggests turning the REST service off unless Live is in use. Where Live is in use, REST access to the Decoders must remain enabled, but it should be reachable only from the systems that need it and not from desktop networks.
2) Previous versions of RSA Security Analytics contain security vulnerabilities in the underlying operating system of the appliances.
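One way to check whether the configuration change for issue 1 is actually in effect, or whether anything besides the SA REST UI (and Live, for 9.8) is still talking to SA Core, is to audit access records for the REST endpoint. The script below is an added example and not RSA's code. It assumes a hypothetical log format of "<client_ip> <target> \"<User-Agent>\"", assumed user-agent names for the SA REST UI and Live, and constructed network ranges for the Decoder/Live segment; the log lines are constructed for the example.

```python
"""Audit direct client access to the SA Core REST service.

Added example, not RSA's code. Assumptions not stated in the advisory:
- log line format  <client_ip> <target> "<User-Agent>"   (hypothetical)
- trusted user-agent prefixes for the SA REST UI and Live  (hypothetical)
- allowed source networks for Live/Decoder traffic        (constructed)
"""
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "client_ip user_agent reason")

# Hypothetical access-log format, constructed for this example.
LINE_RE = re.compile(r'^(?P<ip>\S+)\s+(?P<target>\S+)\s+"(?P<ua>[^"]*)"\s*$')

# Tokens that identify a general-purpose web browser. A browser should never
# be talking to SA Core directly; that is exactly the untrusted user agent
# the advisory warns about.
BROWSER_TOKENS = ("Mozilla/", "Chrome/", "Safari/", "Firefox/", "MSIE", "Trident/", "Opera")

# Assumed user-agent names; the real strings are not given in the advisory.
TRUSTED_UA_PREFIXES = ("SA-REST-UI/", "RSA-Live/")

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
10.10.1.5 sa-core-rest "SA-REST-UI/10.2"
10.20.3.17 sa-core-rest "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Chrome/30.0"
172.16.8.9 sa-core-rest "python-requests/2.0.1"
10.10.2.40 sa-core-rest "RSA-Live/1.0"
this line is malformed and is skipped
"""

# Constructed allow-list: management segment plus the Decoder network.
ALLOWED_NETWORKS = ("10.10.0.0/16", "172.16.8.0/24")


def is_browser(user_agent):
    """True when the User-Agent looks like an interactive web browser."""
    return any(token in user_agent for token in BROWSER_TOKENS)


def audit_core_access(log_text, allowed_networks, trusted_ua_prefixes=TRUSTED_UA_PREFIXES):
    """Return a Finding for every access that violates the restriction policy.

    A single log line can produce two findings: one for the user agent and
    one for the source network, so that each can be remediated separately.
    """
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # tolerate malformed lines instead of aborting the audit
        ip, ua = match.group("ip"), match.group("ua")
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(Finding(ip, ua, "unparseable client address"))
            continue
        reasons = []
        if is_browser(ua):
            reasons.append("browser user agent")
        elif not ua.startswith(trusted_ua_prefixes):
            reasons.append("unknown user agent")
        if not any(addr in net for net in nets):
            reasons.append("source outside allowed networks")
        findings.extend(Finding(ip, ua, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in audit_core_access(SAMPLE_LOG, ALLOWED_NETWORKS):
        print(f"{f.client_ip:<15} {f.reason:<32} {f.user_agent}")
```

Against the constructed sample the browser from 10.20.3.17 is reported twice (browser user agent, and a source outside the allowed networks), and the scripted client on the Decoder network is reported once for an unknown user agent; the SA REST UI and Live entries produce nothing. Point the script at the real access records of the SA Core REST endpoint and adjust the allow-list and user-agent prefixes to the deployment before relying on its output.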
Recommendation:
RSA recommends that Security Analytics customers upgrade to RSA Security Analytics 10.3 and apply the recommended security configuration changes at their earliest opportunity.
The SA_OS_Update-040814.tgz package can be downloaded from the SCOL website at https://knowledge.rsasecurity.com/scolcms/set.aspx?id=10160. This CentOS and third-party security update requires a reboot of the appliance. See release notes for more details.