A vulnerability in the System Configuration Protocol (SCP) core messaging interface of the Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks.The vulnerability is due to lack of proper authentication controls for SCP messages. An attacker could exploit this vulnerability by sending specific SCP protocol messages to the targeted application. An exploit could allow the attacker to learn sensitive information about the application.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/1UYkIcI
A vulnerability in the System Configuration Protocol (SCP) core messaging interface of the Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks.The vulnerability is due to lack of proper authentication controls for SCP messages. An attacker could exploit this vulnerability by sending specific SCP protocol messages to the targeted application. An exploit could allow the attacker to learn sensitive information about the application.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/1UYkIcI
Security Impact Rating: Medium
CVE: CVE-2016-1427
from Cisco Security Advisory http://ift.tt/1UYkIcI
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.