Executive Summary

Summary
Title: Cisco Directory Connector Search Order Hijacking Vulnerability
Information
Name: cisco-sa-20190417-cdc-hijack
First vendor Publication: 2019-04-17
Vendor: Cisco
Last vendor Modification: 2019-04-17
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N)
Cvss Base Score: 3.6
Attack Range: Local
Cvss Impact Score: 4.9
Attack Complexity: Low
Cvss Exploit Score: 3.9
Authentication: None Required

Detail

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing.

The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources.

There are workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack


Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-427 Uncontrolled Search Path Element

CPE : Common Platform Enumeration

Type Description Count
Application 1

Alert History

Date Information
2019-04-19 05:20:30
  • Multiple Updates
2019-04-18 17:18:37
  • First insertion