Executive Summary

Summary
Title: Cisco Directory Connector Search Order Hijacking Vulnerability
Information
Name: cisco-sa-20190417-cdc-hijack
First vendor Publication: 2019-04-17
Vendor: Cisco
Last vendor Modification: 2019-04-17
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N)
CVSS Base Score: 3.6
Attack Range: Local
CVSS Impact Score: 4.9
Attack Complexity: Low
CVSS Exploit Score: 3.9
Authentication: None Required

Detail

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing.

The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources.

There are workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack


Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% | id | Name
100 % | CWE-427 | Uncontrolled Search Path Element

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 1

Alert History

Date | Information
2019-04-19 05:20:30 | Multiple Updates
2019-04-18 17:18:37 | First insertion