Cisco Meeting Place Express - PCI scan failure

Looking for some help here - we run Cisco Meeting Place Express v2.1.1.2.  We are working on PCI compliance and this site consistently fails.  The scan results are below:


Synopsis : The remote Flash media server is affected by multiple vulnerabilities.
Description : The remote host is running Adobe's Flash Media Server, an application server for Flash-based applications. The Edge server component included with the version of Flash Media Server installed on the remote host contains several integer overflow and memory corruption errors that can be triggered when parsing specially-crafted Real Time Message Protocol (RTMP) packets. An unauthenticated remote attacker can leverage these issues to crash the affected service or execute arbitrary code with SYSTEM-level privileges (under Windows), potentially resulting in a complete compromise of the affected host.
See also :
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=662
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=663
http://archives.neohapsis.com/archives/bugtraq/2008-02/0180.html
http://archives.neohapsis.com/archives/bugtraq/2008-02/0184.html
http://www.adobe.com/support/security/bulletins/apsb08-03.html
http://www.adobe.com/support/documentation/en/flashmediaserver/205/FMS_2_0_5_ReleaseNotes.pdf
Solution: Upgrade to Flash Media Server 2.0.5 or later.
Risk Factor: Critical / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE : CVE-2007-6431, CVE-2007-6148, CVE-2007-6149
BID : 27762
Other references : OSVDB:41538, OSVDB:41539, OSVDB:41540, Secunia:28946

Synopsis : The remote media server is affected by multiple vulnerabilities.
Description : The remote host is running Adobe Flash Media Server, an application server for Flash-based applications. The version running on the remote host is earlier than version 3.5.3. Such versions are potentially affected by the following vulnerabilities :
- A resource exhaustion vulnerability can lead to a denial of service. (CVE-2009-3791)
- A directory traversal vulnerability can lead to FMS loading arbitrary DLLs present on the server. (CVE-2009-3792)
See also :
http://www.adobe.com/support/security/bulletins/apsb09-18.html
Solution: Upgrade to Flash Media Server 3.5.3 or later.
Risk Factor: Critical / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE : CVE-2009-3791, CVE-2009-3792
BID : 37419, 37420
Other references : Secunia:37891, OSVDB:61241, OSVDB:61242

Synopsis : The remote media server has a privilege escalation vulnerability.
Description : The remote host is running Adobe Flash Media Server, an application server for Flash-based applications. The version running on the remote host has an unspecified RPC vulnerability. This can reportedly be exploited to execute remote procedures within a server-side ActionScript file running on the server.
See also :
http://www.adobe.com/support/security/bulletins/apsb09-05.html
Solution: Upgrade to Flash Media Server 3.5.2 / 3.0.4 or later.
Risk Factor: High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2009-1365
BID : 34790
Other references : OSVDB:54265, Secunia:34878

Has anyone else run into this issue, or can anyone point me in the direction of resolving it? We have contacted Cisco - they provided a patch to us, but after applying the patch we had more vulnerabilities than before. If anyone has any suggestions or needs more information, let me know.
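An added example, not from the question or any reply: it parses findings in the run-together "Synopsis / Solution / Risk Factor / CVE" layout the scanner produced above, collapses verbatim repeats, and works out the single Flash Media Server version that satisfies every Solution line, so you can tell whether a vendor patch actually reaches that level. The embedded scan text is a constructed, abridged sample, and the layout regex is an assumption based on the pasted output.

```python
import re
# Constructed sample in the same run-together layout as the scanner output
# pasted in the question (descriptions abridged); not the real report.
SCAN_TEXT = """
Synopsis : The remote Flash media server is affected by multiple vulnerabilities. Description : RTMP parsing flaws. Solution: Upgrade to Flash Media Server 2.0.5 or later. Risk Factor: Critical  / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE : CVE-2007-6431, CVE-2007-6148, CVE-2007-6149 BID : 27762

Synopsis : The remote media server is affected by multiple vulnerabilities. Description : Earlier than 3.5.3. Solution: Upgrade to Flash Media Server 3.5.3 or later. Risk Factor: Critical  / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE : CVE-2009-3791, CVE-2009-3792 BID : 37419, 37420

Synopsis : The remote media server has a privilege escalation vulnerability. Description : Unspecified RPC flaw. Solution: Upgrade to Flash Media Server 3.5.2  / 3.0.4 or later. Risk Factor: High  / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE : CVE-2009-1365 BID : 34790

Synopsis : The remote media server has a privilege escalation vulnerability. Description : Unspecified RPC flaw. Solution: Upgrade to Flash Media Server 3.5.2  / 3.0.4 or later. Risk Factor: High  / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE : CVE-2009-1365 BID : 34790
"""
# Assumed layout: fields run together on one line in this fixed order.
FINDING_RE = re.compile(
    r"Synopsis : (?P<synopsis>.*?) Description : .*?Solution: (?P<solution>.*?) "
    r"Risk Factor: (?P<risk>\w+)\s*/ CVSS Base Score : (?P<cvss>[\d.]+).*?"
    r"CVE : (?P<cves>CVE-[\d-]+(?:, CVE-[\d-]+)*)", re.S)
VERSION_RE = re.compile(r"\b(\d+(?:\.\d+)+)\b")

def as_tuple(version):
    return tuple(int(p) for p in version.split("."))

def parse_findings(text):
    """One dict per blank-line-separated finding; 'fix' is the newest version
    the Solution line offers ('3.5.2 / 3.0.4' -> the 3.5 branch)."""
    findings = []
    for block in re.split(r"\n\s*\n", text.strip()):
        m = FINDING_RE.search(block)
        if m:
            d = m.groupdict()
            d["cves"] = tuple(d["cves"].split(", "))
            d["fix"] = max(as_tuple(v) for v in VERSION_RE.findall(d["solution"]))
            findings.append(d)
    return findings

def unique_findings(findings):
    """Collapse verbatim repeats (a scanner may list a finding once per port)."""
    seen, out = set(), []
    for f in findings:
        if f["cves"] not in seen:
            seen.add(f["cves"]); out.append(f)
    return out

def required_version(findings):
    """Lowest FMS version satisfying every Solution line ('3.5.3' for the sample)."""
    return ".".join(map(str, max(f["fix"] for f in findings)))

def open_cves(findings, installed):
    """CVEs the scanner would still flag if the server ran `installed`."""
    v = as_tuple(installed)
    return sorted(c for f in findings if v < f["fix"] for c in f["cves"])
```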
iwstechuser Asked:
ngravatt Commented:
Does it tell you which port it used to detect the Flash Media Server?  Is it possible to block that port on your firewall without affecting the functionality of Cisco Meeting Place?

Or, is it possible to only allow access to your Meeting Place server from a list of known IP addresses and block the rest of them on your firewall?

OR, subnet your DMZ and put the meeting place server in a different subnet, divided by a firewall, so it does not have to be scanned for your PCI compliance.
astralcomputing Commented:
Couple of thoughts:
1. Why are you running Cisco Meeting Place on your PCI required system?
2. Mostly what this is telling you is that you need to upgrade your Flash Media Server; however, this apparently did not help.
3. The issue with this apparently stems from the Adobe Flash server, not actually from Cisco, even though Cisco is using Flash.

Verify your current version of flash if you can.

To verify the Adobe Flash Media Server version, launch the Flash Media Server Administration console, click the Manage Servers > License tab, and note the release version.

Please reply and I'll try to help if I can.

iwstechuser (Author) Commented:
Just to clarify - we are not running this on our PCI compliant segment but since the site is externally accessible we have to have it scanned quarterly.  I'll provide the Flash version as soon as I can - thanks!
astralcomputing Commented:
OK. When you get it, perhaps you can contact Adobe directly and see if they have anything for you. Meantime, I'll check around and see what I can come up with.