Executive Summary
Summary | |
---|---|
Title | Cisco Directory Connector Search Order Hijacking Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20190417-cdc-hijack | First vendor Publication | 2019-04-17 |
Vendor | Cisco | Last vendor Modification | 2019-04-17 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 3.6 | Attack Range | Local |
Cvss Impact Score | 4.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources. There are workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJct1BdXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczOFgP+gJdJm1o90LCGYjFcYikAM68AyiE 4CTL15GcUSTyFf43VzGx6buPZlZRw2FOovNFRd/xuq3OzGZ1u1DKjM5nqKwTSQSF RlQGWz5Yqa8aa03ju+kZyeN9KIp4efIFWXt8W1lbMqtyIlz/8SUCV7uzRaStWwAZ 5pAsgzUqLhavOxoljNy0VLGvAdjvJX00XZuCP0gihWD3hBYSLi/1/LF//JZYcuOw 7ieiBJVYexOQq+/5CWq0pMEZsHxqMU7ddXkcNU9M8xcb7T7YI8mpv0yepGLJFhB4 RnyiuGuXHf5vC5kPujFN+dARgnyCFwsFgdYiLUYsQT/GvPZI9dmQQ2xWMEufKx2v BAm9ByOR1UGlAmUMHfyK2FOI1aH4vVKIvtfCVz21tmyKn/IXF1IivTUYZEsKRH+g o2H0ngx4T+Q8aDIsOCjKvLVcoZSptw85YhTP72Bb7O5nP9RmcmvuBNzEsZOPxFwm ZTS6ayA/NfPhZryaDpsk9kOS5jwf9Fd3bkobfqAuhvBclzYbtmggTBCkkbRXXxgg FNI3kNI5LXH4CL0cUSg7uZqsWzJe2i2fjUssk6Wi188Qh2iE2M1IyBXsDGz4jXiu oabdDa9sqmrst3AL8CoPZzHOY8FoEY0l5htyXFj/YUjY8xIzDb7kMiUMzIkWGgxp tpY8lUtXYCJep7Dq =JKve END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-427 | Uncontrolled Search Path Element |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Alert History
Date | Informations |
---|---|
2019-04-19 05:20:30 |
|
2019-04-18 17:18:37 |
|