Executive Summary

Title Cisco Prime Infrastructure contains SUID root binaries
Name VU#300820 First vendor Publication 2015-08-17
Vendor VU-CERT Last vendor Modification 2015-08-17
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score Not Defined Attack Range Not Defined
Cvss Impact Score Not Defined Attack Complexity Not Defined
Cvss Expoit Score Not Defined Authentication Not Defined
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#300820

Cisco Prime Infrastructure contains SUID root binaries

Original Release date: 17 Aug 2015 | Last revised: 17 Aug 2015


The Cisco Prime Infrastructure version 2.2 contains two binaries with SUID root world-executable privileges, allowing any local user to execute arbitrary commands as root.


CWE-276: Incorrect Default Permissions

Two binaries are included in Cisco Prime version 2.2 that run as SUID root with world-executable privileges. The commands are


These commands may be used to run arbitrary commands as root by any local user.

According to Cisco, the default installation does not create any regular users, and Cisco does not support or recommend creating regular users or utilizing the command line shell for administration. Cisco has provided more information in a security advisory (customer user account required to view).


A remote authenticated user may escalate privileges to root and execute arbitrary commands.


Apply an update

Cisco has released an update to address this issue. For more information on the update, please see Cisco's security advisory (customer user account required to view). Affected users should update as soon as possible.

You may also consider the following workaround:

Restrict executable permissions

According to the reporter, affected users may remove the world-executable permissions on runShellCommand and runShellAsRoot to disallow any local account from utilizing these binaries.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
CiscoAffected16 Mar 201508 May 2015
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)



  • https://tools.cisco.com/bugsearch/bug/CSCut39938
  • https://tools.cisco.com/quickview/bug/CSCut39938


Thanks to Jeremy Brown for reporting this issue.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:Unknown
  • Date Public:31 Jul 2015
  • Date First Published:17 Aug 2015
  • Date Last Updated:17 Aug 2015
  • Document Revision:56


If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/300820

Alert History

If you want to see full details history, please login or register.
Date Informations
2015-08-18 00:26:10
  • First insertion