Executive Summary

Title Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability
Name cisco-sa-20160921-csp2100-2 First vendor Publication 2016-09-21
Vendor Cisco Last vendor Modification 2016-09-21
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to insufficient sanitization of specific values received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a malicious dnslookup request to the affected system. An exploit could allow the attacker to execute arbitrary code with the privileges of the user.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2 BEGIN PGP SIGNATURE Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJX4rQkAAoJEK89gD3EAJB53UEQAM+JzDD3kO6KPYmZYhe+f8j2 625JrU7AZ3bdn5IKJcje16kxJ72S1PclYFj7hCiyWYK8/SIbIyVLPdzdVRNZUD01 mKd96cHC9bM01FCE9BAiZ3bb+HDQi/VDgG7tcOriPkzu6sQz9x+riFukkhOYHA+h sudNKaDLrPuUsXUb0EkjwitwBI+l2THRlyNou4SRHVx2aIWtu7QlArouTTNiJMDx jIHFxyBm9Lw8Bc2QFXl42sffUbf74lU8BKzGgIxVgXgoD53yxqoNMYFf95JfqrxV hxls6ncBHrxdN+jbccD4OriErKLuqGUSZPHG3c4eAIYTS+B0qFlklwm45I7QYMdO wA+BSwqz+4H2aaNttuYWCon1ryRJCHy0Yys173K9ZRIsZF3S59aDAOOzVlWU9kWP iNdZ2b+WdjQtEbsdwgj3QdsLUttjT0pfHlJbuBB31E9UhJ/BZdf/2bDfi+MRUSSS zA/WN7a6hvw6Nfh/XFl+BQ7jru+RdWur/LqzENhl7kQUVZ2zQ40fPqANbJT9dzUD OLVcw/Ciuf8T+N1BwiR+aRILVlDvDb1N+fjwLfDoLUZalG/W8geG7+qNNt6Deanl F9r9usPIs7Hd+H3XT+hwgG7higiMk2ilA1bTveRcKTsaeogmNIaZd/1KFRLPvRj +qIPI8pHxCE/S3Uw2Wlsc =YgU2 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Application 1

Snort® IPS/IDS

Date Description
2016-09-22 Cisco Cloud Services Platform dnslookup command injection attempt
RuleID : 40257 - Revision : 1 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2016-10-13 Name : The remote network virtual services management device is affected by multiple...
File : cisco-sa-20160921-csp2100.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2016-10-14 13:25:02
  • Multiple Updates
2016-09-23 21:26:32
  • Multiple Updates
2016-09-23 05:24:01
  • Multiple Updates
2016-09-21 21:29:01
  • First insertion