Wednesday, August 31, 2016

Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability

A vulnerability in the application programming interface (API) for the Platform and Applications Manager (PAM) for the Cisco Virtual Media Packager (VMP) could allow an unauthenticated, remote attacker to access the PAM API. The PAM API is only accessible using the SSL or TLS protocol.

The vulnerability is due to lack of proper authentication controls. An attacker could exploit this vulnerability by accessing the PAM API. An exploit could allow the attacker to access the PAM API without authentication.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/2bS1VWH A vulnerability in the application programming interface (API) for the Platform and Applications Manager (PAM) for the Cisco Virtual Media Packager (VMP) could allow an unauthenticated, remote attacker to access the PAM API. The PAM API is only accessible using the SSL or TLS protocol.

The vulnerability is due to lack of proper authentication controls. An attacker could exploit this vulnerability by accessing the PAM API. An exploit could allow the attacker to access the PAM API without authentication.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/2bS1VWH
Security Impact Rating: Medium
CVE: CVE-2016-6377

from Cisco Security Advisory http://ift.tt/2bS1VWH

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.