Executive Summary
Summary | |
---|---|
Title | Cisco Digital Media Manager Privilege Escalation Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20120118-dmm | First vendor Publication | 2012-01-18 |
Vendor | Cisco | Last vendor Modification | 2012-01-18 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco Digital Media Manager contains a vulnerability that may allow a remote, authenticated attacker to elevate privileges and obtain full access to the affected system. Cisco Show and Share is not directly affected by this vulnerability. However, because Cisco Show and Share relies on Cisco Digital Media Manager for authentication services, attackers who compromise the Cisco Digital Media Manager may gain full access to Cisco Show and Share. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78336 | Cisco Digital Media Manager Administrative Resource Access Control Unreferenc... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-01-26 | IAVM : 2012-B-0010 - Cisco Digital Media Manager Privilege Escalation Vulnerability Severity : Category II - VMSKEY : V0031139 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-09-18 | Name : The remote device is affected by a privilege escalation vulnerability. File : cisco_digital_media_manager_5_3.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 10:22:02 |
|
2013-11-11 12:37:30 |
|
2013-05-11 00:42:44 |
|