RADIUS server test connectivity fails: Error: ‘1812/udp’ is not a valid Radius authentication port or Radius client is not configured properly in the Radius server.

We have seen cases where a policy-based route (PBR) is configured for the management IP (NSIP) and points to a next-hop gateway.

If the ADC does not have a SNIP in the same subnet as the configured next hop, the packet might never leave the ADC, and the connectivity test fails.

Without a SNIP, the RADIUS packet from FreeBSD to the virtual server is not sent to the actual server.


Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability

A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device.

This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq

Security Impact Rating: Medium

CVE: CVE-2021-1243


Unable to use TLS/SSL LDAP Auth after ADM upgrade to latest build 13.0-71.40 – TLS Handshake fails with “Unknown CA”

A permanent fix is provided in the next build, ADM 13.0-76.xx, and above.

Workaround:

Run one of the following commands in the ADM CLI to override the faulty certificate attribute retrieval code. Customers can keep their existing LDAP settings; nothing needs to change. External authentication should then work correctly over SSL/TLS. In these commands, LDAPTLS_REQCERT=never tells the OpenLDAP client not to request or check the server certificate.

For SSL

LDAPTLS_REQCERT=never ldapsearch -D CN=[service_account],CN=users,DC=lab,DC=com -H ldaps://[ldap_ip]:636 -b DC=lab,DC=com -Z -A -o nettimeout=3 -w [passwd]

For TLS

LDAPTLS_REQCERT=never ldapsearch -D CN=[service_account],CN=users,DC=lab,DC=com -H ldap://[ldap_ip]:389 -b DC=lab,DC=com -Z -A -o nettimeout=3 -w [passwd]

Customers can safely proceed and configure the LDAP server with security type TLS/SSL. There is no impact.


SolarWinds Orion Platform Supply Chain Attack

Due to the recent announcement by SolarWinds regarding compromises in their supply chain, SolarWinds has released a security advisory providing guidance on assessing and remediating this issue: https://www.solarwinds.com/securityadvisory

Cisco recommends that customers assess if they have used an affected version of SolarWinds Orion Platform and, if so, take the following actions:

  1. Follow the guidance provided in the SolarWinds Security Advisory.
  2. Determine the need to change credentials on all devices being managed by the affected SolarWinds platform software. This includes:
    • User credentials
    • Simple Network Management Protocol (SNMP) version 2c community strings
    • SNMP version 3 user credentials
    • Internet Key Exchange (IKE) preshared keys
    • Shared secrets for TACACS, TACACS+, and RADIUS
    • Secrets for Border Gateway Protocol (BGP), OSPF, Exterior Gateway Routing Protocol (EIGRP), or other routing protocols
    • Exportable RSA keys and certificates for Secure Shell (SSH) or other protocols

While there are no vulnerabilities in Cisco products related to this issue, if a customer was using an affected version of SolarWinds Orion Platform and would like to investigate potential impact to Cisco devices, Cisco has published a number of documents that can help the investigation. Please consult https://tools.cisco.com/security/center/resources/ir_escalation_guidance.

Cisco TALOS has also published guidance regarding this issue that can be viewed here: https://blog.talosintelligence.com/2020/12/solarwinds-supplychain-coverage.html

Customers that need assistance with Incident Response activities can contact Cisco TALOS here: https://talosintelligence.com/incident_response

Cisco will update this advisory as needed, if additional information becomes available.

Security Impact Rating: Informational


ShareFile FTP – Setup Configuration Examples


Advanced Connections for ShareFile FTP

You can connect to ShareFile either via traditional FTP (port 21) or using an implicit SSL/TLS connection (port 990). For security, ShareFile only supports secure FTPS transfers, which are sent over SSL, and not SFTP transfers, which are sent over SSH.

ShareFile FTP login and server information can be found in the ShareFile web app. Navigate to Personal Settings > Advanced Connections > FTP Settings.


If FTP Settings is not present, an Admin on your account can enable this feature within the Power Tools menu in the Admin section of their account.


Example Setup Configurations

The following recommended setups have been verified by ShareFile Support. Use of these clients with settings not listed here may not be fully supported.

FileZilla Windows and Mac

  1. Click on File.
  2. Select Site Manager. A new window will pop up. Click New Site and set it up as follows:
  3. Name the connection. e.g. ‘ShareFile’
  4. Host – Server address
  5. Server Type – For FTP, select Regular FTP. For FTPS, select Require implicit FTP over TLS.
  6. Login Type – ‘Normal’
  7. User – Enter username in format subdomain/email address
  8. Enter Password – ShareFile account password
  9. Click on the Transfer Settings tab
  10. Select Passive Mode
  11. Click the Connect button

Ipswitch FTP

  1. Click File.
  2. Select Connect
  3. Select Connection Wizard
  4. Name the connection – e.g. ‘ShareFile’
  5. Connection Type –> Regular FTP: Select ‘FTP’ from drop down. Secure FTP: Select ‘FTP/Implicit SSL’ from drop down
  6. Enter Server Address
  7. Enter user name
  8. Format of ‘subdomain’/‘email address’
  9. Enter Password
  10. ShareFile account password
  11. Click on the ‘Advanced’ button
  12. Select the ‘Advanced’ tab on the left
  13. Make sure the check box for ‘Use Passive mode for data connections’ is selected
  14. Click Ok and Finish

Cute FTP

  1. Click on the ‘File’ drop down menu
  2. Select ‘New’ –> Regular FTP: Select ‘FTP’ from drop down. Secure FTP: Select ‘FTP/Implicit SSL’ from drop down
  3. A new window will pop up
  4. Label – A connection name, e.g. ‘ShareFile’
  5. Host name – Server address
  6. Enter user name – Use format of subdomain/email address
  7. Enter password – ShareFile account password
  8. Login method – Normal
  9. Select Type.
  10. Under the Data connections type select: Use PASV
  11. Click the Connect button

Cisco Firepower Threat Defense Software SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly.

The vulnerability is due to a lack of sufficient memory management protections under heavy SNMP polling loads. An attacker could exploit this vulnerability by sending a high rate of SNMP requests to the SNMP daemon through the management interface on an affected device. A successful exploit could allow the attacker to cause the SNMP daemon process to consume a large amount of system memory over time, which could then lead to an unexpected device restart, causing a denial of service (DoS) condition.

This vulnerability affects all versions of SNMP.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snmp-dos-R8ENPbOs

This advisory is part of the October 2020 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication, which includes 17 Cisco Security Advisories that describe 17 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: October 2020 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2020-3533


How to create a responder policy to allow/block a set of IPs

  • First, create a data set under AppExpert > Dataset.
  • Add all the IP addresses that you want to block/allow to the data set.


  • After creating the data set, create the following responder policy:

CLIENT.IP.SRC.TYPECAST_TEXT_T.CONTAINS_ANY("data_set")

The expression above references the data set by its name.

For subnet range the policy will be as follows:

CLIENT.IP.SRC.IN_SUBNET(x.x.x.x/32)

To evaluate both a single IP and a subnet, create the following expression:

CLIENT.IP.SRC.TYPECAST_TEXT_T.CONTAINS_ANY("data_set") && CLIENT.IP.SRC.IN_SUBNET(x.x.x.x/32)

  • You can add other subnets using the && operator. Use the expression editor to help configure the policy.

  • Create an action (in this case, a redirect action).


  • Bind the responder policy to the virtual server.

Because the expression above evaluates to true for IP 1.1.1.1, a client with that address is redirected to https://citrix.com
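The following Python model is an added example, not Citrix code. It shows which client addresses a rule of this shape matches before it is bound to a virtual server. The data set contents, the 1.1.1.0/24 subnet and all function names are constructed for illustration, and the model assumes CONTAINS_ANY on the typecast text does a substring match, as it does for pattern sets.

```python
import ipaddress

# Constructed sample values: contents of "data_set" and the subnet are assumptions.
DATA_SET = ["1.1.1.1", "10.20.30.40"]
SUBNET = ipaddress.ip_network("1.1.1.0/24")

def contains_any(client_ip, patterns):
    """Model of TYPECAST_TEXT_T.CONTAINS_ANY: substring match on the text form
    (assumed semantics, as for pattern sets)."""
    return any(p in client_ip for p in patterns)

def equals_any(client_ip, patterns):
    """Model of an exact lookup: the whole address must equal an entry."""
    return client_ip in patterns

def in_subnet(client_ip, subnet):
    """Model of CLIENT.IP.SRC.IN_SUBNET(...)."""
    return ipaddress.ip_address(client_ip) in subnet

def evaluate(client_ip):
    """Return which variants of the rule fire for one client address."""
    ds_sub = contains_any(client_ip, DATA_SET)
    ds_exact = equals_any(client_ip, DATA_SET)
    net = in_subnet(client_ip, SUBNET)
    return {
        "page_and": ds_sub and net,     # expression as written above (&&)
        "either_or": ds_sub or net,     # data set OR subnet
        "exact_and": ds_exact and net,  # exact data-set match AND subnet
    }

def report(clients):
    """Evaluate a list of client addresses and return the results per address."""
    return {ip: evaluate(ip) for ip in clients}

if __name__ == "__main__":
    sample = ["1.1.1.1", "1.1.1.10", "1.1.1.200", "10.20.30.40", "8.8.8.8"]
    for ip, result in report(sample).items():
        print(f"{ip:<12} {result}")
```

In this model the && form does not match 10.20.30.40, which is in the data set but outside the subnet, and the substring match also matches 1.1.1.10, which is not a data-set entry.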
