A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server.
The vulnerability is due to a failure to properly sanitize user input prior to executing an external command derived from the input. An attacker could exploit the vulnerability by submitting a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands or code on the underlying operating system with the reduced privileges of the web server.
Cisco has released software updates that address this vulnerability.
Workarounds that address this vulnerability are not available.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
Advisory ID: cisco-sa-20160601-prime
Version 1.0: Final
For public release: 2016 June 1 16:00 GMT
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server.
The vulnerability is due to a failure to properly sanitize user input prior to executing an external command derived from the input. An attacker could exploit the vulnerability by submitting a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands or code on the underlying operating system with the reduced privileges of the web server.
Cisco has released software updates that address this vulnerability.
Workarounds that address this vulnerability are not available.
This advisory is available at the following link:
http://ift.tt/1OA5F6U
co-sa-20160601-prime
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJXTv2/AAoJEK89gD3EAJB5KcUQAOYjQr36VNsida74k/896SeU
vHNiyFs++KcgBy+5OQpw0/GFtKYnQkYp5f04F2Fl0BCqwTn4dunh2Lch/yLh2Iib
5514iab/1fNZXWEpkgfOwbzQhMlJklc0U23P/mtTcSRtaZv/d8oZXebN+byJ5Yz6
lEoCvD7CRlcPszaCu6fuOUqA6Io9gB33bYeU6NDfvVD1sOPe/xGz0To8bDJm2YU1
SSCWB9L9v5c6ikWqdmmMJJlmr+ZORmyguv2cSzArWdhUv2zjCc4nsL+FJam215Bj
CqxQXelURXVRPEWzeaXZGhvvih8FG/JGQyNfxWp+5BTZTniQbp7Yc7Iu4IHBFT/d
bmdde+p9QeyD+/oh947/kJlzmgdm0qZmYF/Xrte8j5YucGn4Dr4kh1lvr9/KEuPX
0fy9mEQjfNW9HKwKL/TlIUZS45GX7fLZsf7HKkBTeSbQCSZ0u03EwUU/+WdMFaf9
dmnVmf9F4IuZMoMhuyShx2SYPyoVRgTr9eRt7zEtLrFFfRNlhTZAFuLvtWTHGCE5
t85xZkZE/iKIRdR3cm+Rhk/nrLVYacd772IncAW6LirjY+uOykVWqbGM7NJ8YYBh
Xca726QhI1lue9eHaNier5o0Xsj40+sMrAPlK7Cc/b8hKWuV6xODcor0sEPVoazx
wk31KMiNQJpR4vnym04g
=msWt
-----END PGP SIGNATURE-----
[ reply ]