Cisco Prime LAN Management Solution Remote Command Execution Vulnerability Network Vulnerability

Summary

The host is installed with Cisco Prime LAN Management Solution and is prone to remote command execution vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary command in the context of the root user. Impact Level: System/Application

Solution

Upgrade to Cisco Prime LMS Virtual Appliance to 4.2.3 or later, http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms

Insight

Flaw is due to improper validation of authentication and authorization commands sent to certain TCP ports.

Affected

Cisco Prime LMS Virtual Appliance Version 4.1 through 4.2.2 on Linux

References

http://osvdb.org/89112
http://telussecuritylabs.com/threats/show/TSL20130118-01
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms
http://xforce.iss.net/xforce/xfdb/81110

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-6392

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cisco IOS XR Software Fragmented Packets Processing Denial of Service Vulnerability
Cisco Prime LAN Management Solution Remote Command Execution Vulnerability
Cisco VG248 login password is blank
Multiple Cisco Products Multiple Remote Buffer Overflow Vulnerabilities
CISCO Secure ACS Management Interface Login Overflow

Take action and discover your vulnerabilities