Executive Summary
Summary | |
---|---|
Title | Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20160601-prime | First vendor Publication | 2016-06-01 |
Vendor | Cisco | Last vendor Modification | 2016-06-01 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server. The vulnerability is due to a failure to properly sanitize user input prior to executing an external command derived from the input. An attacker could exploit the vulnerability by submitting a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands or code on the underlying operating system with the reduced privileges of the web server. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Command Injection') |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2016-06-03 | Cisco Prime Network Analysis Module command injection attempt RuleID : 39127 - Revision : 1 - Type : SERVER-WEBAPP |
2016-06-03 | Cisco Prime Network Analysis Module command injection attempt RuleID : 39126 - Revision : 1 - Type : SERVER-WEBAPP |
2016-06-03 | Cisco Prime Network Analysis Module command injection attempt RuleID : 39125 - Revision : 1 - Type : SERVER-WEBAPP |
2016-06-03 | Cisco Prime Network Analysis Module command injection attempt RuleID : 39124 - Revision : 1 - Type : SERVER-WEBAPP |
2016-06-03 | Cisco Prime Network Analysis Module command injection attempt RuleID : 39123 - Revision : 1 - Type : SERVER-WEBAPP |
2016-06-03 | Cisco Prime Network Analysis Module command injection attempt RuleID : 39122 - Revision : 1 - Type : SERVER-WEBAPP |
2016-06-03 | Cisco Prime Network Analysis Module command injection attempt RuleID : 39121 - Revision : 1 - Type : SERVER-WEBAPP |
2016-06-03 | Cisco Prime Network Analysis Module command injection attempt RuleID : 39120 - Revision : 1 - Type : SERVER-WEBAPP |
2016-06-03 | Cisco Prime Network Analysis Module command injection attempt RuleID : 39119 - Revision : 1 - Type : SERVER-WEBAPP |
2016-06-03 | Cisco Prime Network Analysis Module command injection attempt RuleID : 39118 - Revision : 1 - Type : SERVER-WEBAPP |
Alert History
Date | Information |
---|---|
2016-06-04 00:34:27 |
|
2016-06-01 21:22:17 |
|