[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
Date: Wed, 1 Jun 2016 12:08:26 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated 
Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160601-prime

Version 1.0:  Final

For public release:  2016 June 1 16:00  GMT

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the web interface of Cisco Network Analysis Modules could 
allow an unauthenticated, remote attacker to execute arbitrary commands on the 
underlying operating system of the affected device with the privileges of the 
web server.

The vulnerability is due to a failure to properly sanitize user input prior to 
executing an external command derived from the input. An attacker could exploit 
the vulnerability by submitting a crafted HTTP request to the affected device. 
A successful exploit could allow the attacker to execute arbitrary commands or 
code on the underlying operating system with the reduced privileges of the web 
server.

Cisco has released software updates that address this vulnerability. 

Workarounds that address this vulnerability are not available.

This advisory is available at the following link: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJXTv2/AAoJEK89gD3EAJB5KcUQAOYjQr36VNsida74k/896SeU
vHNiyFs++KcgBy+5OQpw0/GFtKYnQkYp5f04F2Fl0BCqwTn4dunh2Lch/yLh2Iib
5514iab/1fNZXWEpkgfOwbzQhMlJklc0U23P/mtTcSRtaZv/d8oZXebN+byJ5Yz6
lEoCvD7CRlcPszaCu6fuOUqA6Io9gB33bYeU6NDfvVD1sOPe/xGz0To8bDJm2YU1
SSCWB9L9v5c6ikWqdmmMJJlmr+ZORmyguv2cSzArWdhUv2zjCc4nsL+FJam215Bj
CqxQXelURXVRPEWzeaXZGhvvih8FG/JGQyNfxWp+5BTZTniQbp7Yc7Iu4IHBFT/d
bmdde+p9QeyD+/oh947/kJlzmgdm0qZmYF/Xrte8j5YucGn4Dr4kh1lvr9/KEuPX
0fy9mEQjfNW9HKwKL/TlIUZS45GX7fLZsf7HKkBTeSbQCSZ0u03EwUU/+WdMFaf9
dmnVmf9F4IuZMoMhuyShx2SYPyoVRgTr9eRt7zEtLrFFfRNlhTZAFuLvtWTHGCE5
t85xZkZE/iKIRdR3cm+Rhk/nrLVYacd772IncAW6LirjY+uOykVWqbGM7NJ8YYBh
Xca726QhI1lue9eHaNier5o0Xsj40+sMrAPlK7Cc/b8hKWuV6xODcor0sEPVoazx
wk31KMiNQJpR4vnym04g
=msWt
-----END PGP SIGNATURE-----

Prev by Date: [security bulletin] HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS)
Next by Date: Cisco Security Advisory: Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability
Previous by thread: [security bulletin] HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS)
Next by thread: Cisco Security Advisory: Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability
Index(es):
- Date
- Thread