Executive Summary

Summary
Title Cisco Digital Media Manager Privilege Escalation Vulnerability
Informations
Name cisco-sa-20120118-dmm First vendor Publication 2012-01-18
Vendor Cisco Last vendor Modification 2012-01-18
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 9 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Digital Media Manager contains a vulnerability that may allow a remote, authenticated attacker to elevate privileges and obtain full access to the affected system.

Cisco Show and Share is not directly affected by this vulnerability. However, because Cisco Show and Share relies on Cisco Digital Media Manager for authentication services, attackers who compromise the Cisco Digital Media Manager may gain full access to Cisco Show and Share.

Cisco has released free software updates that address this vulnerability.

There are no workarounds that mitigate this vulnerability.

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 14

Open Source Vulnerability Database (OSVDB)

Id Description
78336 Cisco Digital Media Manager Administrative Resource Access Control Unreferenc...

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-01-26 IAVM : 2012-B-0010 - Cisco Digital Media Manager Privilege Escalation Vulnerability
Severity : Category II - VMSKEY : V0031139

Nessus® Vulnerability Scanner

Date Description
2013-09-18 Name : The remote device is affected by a privilege escalation vulnerability.
File : cisco_digital_media_manager_5_3.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-02-17 10:22:02
  • Multiple Updates
2013-11-11 12:37:30
  • Multiple Updates
2013-05-11 00:42:44
  • Multiple Updates