7.5 - cisco-sa-20160601-prime

A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server.

The vulnerability is due to a failure to properly sanitize user input prior to executing an external command derived from the input. An attacker could exploit the vulnerability by submitting a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands or code on the underlying operating system with the reduced privileges of the web server.

Cisco has released software updates that address this vulnerability.

Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime

BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJXTv2/AAoJEK89gD3EAJB5KcUQAOYjQr36VNsida74k/896SeU vHNiyFs++KcgBy+5OQpw0/GFtKYnQkYp5f04F2Fl0BCqwTn4dunh2Lch/yLh2Iib 5514iab/1fNZXWEpkgfOwbzQhMlJklc0U23P/mtTcSRtaZv/d8oZXebN+byJ5Yz6 lEoCvD7CRlcPszaCu6fuOUqA6Io9gB33bYeU6NDfvVD1sOPe/xGz0To8bDJm2YU1 SSCWB9L9v5c6ikWqdmmMJJlmr+ZORmyguv2cSzArWdhUv2zjCc4nsL+FJam215Bj CqxQXelURXVRPEWzeaXZGhvvih8FG/JGQyNfxWp+5BTZTniQbp7Yc7Iu4IHBFT/d bmdde+p9QeyD+/oh947/kJlzmgdm0qZmYF/Xrte8j5YucGn4Dr4kh1lvr9/KEuPX 0fy9mEQjfNW9HKwKL/TlIUZS45GX7fLZsf7HKkBTeSbQCSZ0u03EwUU/+WdMFaf9 dmnVmf9F4IuZMoMhuyShx2SYPyoVRgTr9eRt7zEtLrFFfRNlhTZAFuLvtWTHGCE5 t85xZkZE/iKIRdR3cm+Rhk/nrLVYacd772IncAW6LirjY+uOykVWqbGM7NJ8YYBh Xca726QhI1lue9eHaNier5o0Xsj40+sMrAPlK7Cc/b8hKWuV6xODcor0sEPVoazx wk31KMiNQJpR4vnym04g =msWt END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com