Full Disclosure mailing list archives
Cisco Security Advisory: Cisco Prime LAN Management Solution Command Execution Vulnerability
From: Cisco Systems Product Security Incident Response Team <psirt () cisco com>
Date: Wed, 9 Jan 2013 11:04:45 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Prime LAN Management Solution Command Execution Vulnerability Advisory ID: cisco-sa-20130109-lms Revision 1.0 For Public Release 2013 January 9 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the root user. The vulnerability is due to improper validation of authentication and authorization commands sent to certain TCP ports. An attacker could exploit this vulnerability by connecting to the affected system and sending arbitrary commands. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlDti54ACgkQUddfH3/BbTqTaAEAgJlOLDYzxJMrZGkZhGJxVAEb 8y77RwMX1kn5koY3xXQA/ArQ+4cfPs6cexCLxCwSHqeOjWuN1o41C3X6bXrACK8F =Ixht -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Cisco Security Advisory: Cisco Prime LAN Management Solution Command Execution Vulnerability Cisco Systems Product Security Incident Response Team (Jan 09)