Cisco Meeting Place Express - PCI scan failure

Looking for some help here - we run Cisco Meeting Place Express v2.1.1.2.  We are working on PCI compliance and this site consistently fails.  The scan results are below:


Synopsis : The remote Flash media server is affected by multiple vulnerabilities.
Description : The remote host is running Adobe's Flash Media Server, an application server for Flash-based applications. The Edge server component included with the version of Flash Media Server installed on the remote host contains several integer overflow and memory corruption errors that can be triggered when parsing specially-crafted Real Time Message Protocol (RTMP) packets. An unauthenticated remote attacker can leverage these issues to crash the affected service or execute arbitrary code with SYSTEM-level privileges (under Windows), potentially resulting in a complete compromise of the affected host.
See also :
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=662
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=663
http://archives.neohapsis.com/archives/bugtraq/2008-02/0180.html
http://archives.neohapsis.com/archives/bugtraq/2008-02/0184.html
http://www.adobe.com/support/security/bulletins/apsb08-03.html
http://www.adobe.com/support/documentation/en/flashmediaserver/205/FMS_2_0_5_ReleaseNotes.pdf
Solution: Upgrade to Flash Media Server 2.0.5 or later.
Risk Factor: Critical / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE : CVE-2007-6431, CVE-2007-6148, CVE-2007-6149
BID : 27762
Other references : OSVDB:41538, OSVDB:41539, OSVDB:41540, Secunia:28946

Synopsis : The remote media server is affected by multiple vulnerabilities.
Description : The remote host is running Adobe Flash Media Server, an application server for Flash-based applications. The version running on the remote host is earlier than version 3.5.3. Such versions are potentially affected by the following vulnerabilities :
- A resource exhaustion vulnerability can lead to a denial of service. (CVE-2009-3791)
- A directory traversal vulnerability can lead to FMS loading arbitrary DLLs present on the server. (CVE-2009-3792)
See also :
http://www.adobe.com/support/security/bulletins/apsb09-18.html
Solution: Upgrade to Flash Media Server 3.5.3 or later.
Risk Factor: Critical / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE : CVE-2009-3791, CVE-2009-3792
BID : 37419, 37420
Other references : Secunia:37891, OSVDB:61241, OSVDB:61242

Synopsis : The remote Flash media server is affected by multiple vulnerabilities.
Description : The remote host is running Adobe's Flash Media Server, an application server for Flash-based applications. The Edge server component included with the version of Flash Media Server installed on the remote host contains several integer overflow and memory corruption errors that can be triggered when parsing specially-crafted Real Time Message Protocol (RTMP) packets. An unauthenticated remote attacker can leverage these issues to crash the affected service or execute arbitrary code with SYSTEM-level privileges (under Windows), potentially resulting in a complete compromise of the affected host.
See also :
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=662
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=663
http://archives.neohapsis.com/archives/bugtraq/2008-02/0180.html
http://archives.neohapsis.com/archives/bugtraq/2008-02/0184.html
http://www.adobe.com/support/security/bulletins/apsb08-03.html
http://www.adobe.com/support/documentation/en/flashmediaserver/205/FMS_2_0_5_ReleaseNotes.pdf
Solution: Upgrade to Flash Media Server 2.0.5 or later.
Risk Factor: Critical / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE : CVE-2007-6431, CVE-2007-6148, CVE-2007-6149
BID : 27762
Other references : OSVDB:41538, OSVDB:41539, OSVDB:41540, Secunia:28946

Synopsis : The remote media server has a privilege escalation vulnerability.
Description : The remote host is running Adobe Flash Media Server, an application server for Flash-based applications. The version running on the remote host has an unspecified RPC vulnerability. This can reportedly be exploited to execute remote procedures within a server-side ActionScript file running on the server.
See also :
http://www.adobe.com/support/security/bulletins/apsb09-05.html
Solution: Upgrade to Flash Media Server 3.5.2 / 3.0.4 or later.
Risk Factor: High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2009-1365
BID : 34790
Other references : OSVDB:54265, Secunia:34878

Synopsis : The remote media server has a privilege escalation vulnerability.
Description : The remote host is running Adobe Flash Media Server, an application server for Flash-based applications. The version running on the remote host has an unspecified RPC vulnerability. This can reportedly be exploited to execute remote procedures within a server-side ActionScript file running on the server.
See also :
http://www.adobe.com/support/security/bulletins/apsb09-05.html
Solution: Upgrade to Flash Media Server 3.5.2 / 3.0.4 or later.
Risk Factor: High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2009-1365
BID : 34790
Other references : OSVDB:54265, Secunia:34878



Has anyone else run into this issue, or can anyone point me in the direction of resolving it? We have contacted Cisco; they provided a patch, but after applying the patch we had more vulnerabilities than before. If anyone has any suggestions or needs more details, let me know.
iwstechuserAsked:
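The scan output above is Nessus-style plugin text, one finding per line. As an added example (not code from the asker, Cisco or Adobe), this Python script parses that format, collapses byte-identical repeats such as the two copies of the same finding that a scanner emits when it hits one plugin on two ports, and works out the single Flash Media Server release that satisfies every "Upgrade to ... or later" solution in the report. The embedded report is constructed from the four findings with their descriptions elided.

```python
import re
# Constructed sample: the four pasted findings, one per line, descriptions elided.
SAMPLE_REPORT = """\
Synopsis : The remote Flash media server is affected by multiple vulnerabilities. Description : ... Solution: Upgrade to Flash Media Server 2.0.5 or later. Risk Factor: Critical  / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE : CVE-2007-6431, CVE-2007-6148, CVE-2007-6149 BID : 27762
Synopsis : The remote media server is affected by multiple vulnerabilities. Description : ... Solution: Upgrade to Flash Media Server 3.5.3 or later. Risk Factor: Critical  / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE : CVE-2009-3791, CVE-2009-3792 BID : 37419, 37420
Synopsis : The remote Flash media server is affected by multiple vulnerabilities. Description : ... Solution: Upgrade to Flash Media Server 2.0.5 or later. Risk Factor: Critical  / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE : CVE-2007-6431, CVE-2007-6148, CVE-2007-6149 BID : 27762
Synopsis : The remote media server has a privilege escalation vulnerability. Description : ... Solution: Upgrade to Flash Media Server 3.5.2  / 3.0.4 or later. Risk Factor: High  / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P) CVE : CVE-2009-1365 BID : 34790
"""
FIELDS = {"synopsis": r"Synopsis : (.*?) Description :",
          "solution": r"Solution: (.*?) Risk Factor:",
          "risk": r"Risk Factor: (\w+)",
          "cvss": r"CVSS Base Score : ([\d.]+)"}

def ver(s):
    return tuple(int(p) for p in s.strip().split("."))

def parse_findings(report):
    """One dict per finding; byte-identical repeats (same plugin, another port) collapse."""
    seen, out = set(), []
    for line in report.splitlines():
        if not line.strip() or line in seen:
            continue
        seen.add(line)
        f = {k: re.search(p, line).group(1).strip() for k, p in FIELDS.items()}
        f["cvss"] = float(f["cvss"])
        f["cves"] = re.findall(r"CVE-\d{4}-\d+", line)
        # "3.5.2 / 3.0.4 or later" lists one fixed release per maintained branch
        m = re.search(r"Server ([\d.]+(?:\s*/\s*[\d.]+)*) or later", f["solution"])
        f["fixed"] = [ver(v) for v in m.group(1).split("/")] if m else []
        out.append(f)
    return out

def is_fixed(installed, finding):
    """At or past the fix on the same major.minor branch, or on a newer branch than every fix."""
    iv = ver(installed)
    branch = [fv for fv in finding["fixed"] if fv[:2] == iv[:2]]
    return iv >= min(branch) if branch else all(iv[:2] > fv[:2] for fv in finding["fixed"])

def upgrade_target(findings):
    """Lowest fixed release named anywhere in the report that clears every finding."""
    for cand in sorted({fv for f in findings for fv in f["fixed"]}):
        s = ".".join(map(str, cand))
        if all(is_fixed(s, f) for f in findings):
            return s
    return None

if __name__ == "__main__":
    fs = parse_findings(SAMPLE_REPORT)
    for f in fs:
        print(f"{f['risk']:8} {f['cvss']:4} {', '.join(f['cves'])} -> {f['solution']}")
    print("single upgrade clearing all findings:", upgrade_target(fs))
```

Feed it the real report saved one finding per line and compare the computed target with the version shown under Manage Servers > License in the FMS admin console; a vendor patch that leaves the reported version below that target will keep failing the scan.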

astralcomputingCommented:
Couple of thoughts:
1. Why are you running Cisco Meeting Place on your PCI-required system?
2. Mostly what this is telling you is that you need to upgrade your Flash Media Server; however, this apparently did not help.
3. The issue with this apparently stems from the Adobe Flash server, not actually from Cisco, even though Cisco is using Flash.

Verify your current version of Flash if you can.

To verify the Adobe Flash Media Server version, launch the Flash Media Server Administration console, click the Manage Servers > License tab, and note the release version.

Please reply and I'll try to help if I can.

iwstechuserAuthor Commented:
Just to clarify: we are not running this on our PCI-compliant segment, but since the site is externally accessible we have to have it scanned quarterly. I'll provide the Flash version as soon as I can. Thanks!
ngravattCommented:
Does it tell you which port it used to detect the Flash Media Server?  Is it possible to block that port on your firewall without affecting the functionality of Cisco Meeting Place?

Or, is it possible to only allow access to your Meeting Place server from a list of known IP addresses and block the rest of them on your firewall?

Or, subnet your DMZ and put the Meeting Place server in a different subnet, divided by a firewall, so it does not have to be scanned for your PCI compliance.
astralcomputingCommented:
OK. When you get it, perhaps you can contact Adobe directly and see if they have anything for you. Meantime, I'll check around and see what I can come up with.