Executive Summary

Summary
Title Cisco Prime Infrastructure contains SUID root binaries
Informations
Name VU#300820 First vendor Publication 2015-08-17
Vendor VU-CERT Last vendor Modification 2015-08-17
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score Not Defined Attack Range Not Defined
Cvss Impact Score Not Defined Attack Complexity Not Defined
Cvss Expoit Score Not Defined Authentication Not Defined
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#300820

Cisco Prime Infrastructure contains SUID root binaries

Original Release date: 17 Aug 2015 | Last revised: 17 Aug 2015

Overview

The Cisco Prime Infrastructure version 2.2 contains two binaries with SUID root world-executable privileges, allowing any local user to execute arbitrary commands as root.

Description

CWE-276: Incorrect Default Permissions

Two binaries are included in Cisco Prime version 2.2 that run as SUID root with world-executable privileges. The commands are

/opt/CSCOlumos/bin/runShellCommand
/opt/CSCOlumos/bin/runShellAsRoot


These commands may be used to run arbitrary commands as root by any local user.

According to Cisco, the default installation does not create any regular users, and Cisco does not support or recommend creating regular users or utilizing the command line shell for administration. Cisco has provided more information in a security advisory (customer user account required to view).

Impact

A remote authenticated user may escalate privileges to root and execute arbitrary commands.

Solution

Apply an update

Cisco has released an update to address this issue. For more information on the update, please see Cisco's security advisory (customer user account required to view). Affected users should update as soon as possible.

You may also consider the following workaround:

Restrict executable permissions

According to the reporter, affected users may remove the world-executable permissions on runShellCommand and runShellAsRoot to disallow any local account from utilizing these binaries.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
CiscoAffected16 Mar 201508 May 2015
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base9.0AV:N/AC:L/Au:S/C:C/I:C/A:C
Temporal8.5E:H/RL:W/RC:C
Environmental6.4CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • https://tools.cisco.com/bugsearch/bug/CSCut39938
  • https://tools.cisco.com/quickview/bug/CSCut39938

Credit

Thanks to Jeremy Brown for reporting this issue.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:Unknown
  • Date Public:31 Jul 2015
  • Date First Published:17 Aug 2015
  • Date Last Updated:17 Aug 2015
  • Document Revision:56

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/300820

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2015-08-18 00:26:10
  • First insertion