Summary
The host is installed with Cisco Prime LAN Management Solution and is prone to remote command execution vulnerability.
Impact
Successful exploitation could allow attackers to execute arbitrary command in the context of the root user.
Impact Level: System/Application
Solution
Upgrade to Cisco Prime LMS Virtual Appliance to 4.2.3 or later, http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms
Insight
Flaw is due to improper validation of authentication and authorization commands sent to certain TCP ports.
Affected
Cisco Prime LMS Virtual Appliance Version 4.1 through 4.2.2 on Linux
References
Severity
Classification
-
CVE CVE-2012-6392 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Cisco IOS XR Software Fragmented Packets Processing Denial of Service Vulnerability
- Multiple Cisco Products Multiple Remote Buffer Overflow Vulnerabilities
- Cisco IOS XR Software IPv6 Packet Handling Denial of Service Vulnerability
- Cisco TelePresence TC and TE Software Multiple Security Vulnerabilities
- Cisco Prime LAN Management Solution Remote Command Execution Vulnerability