
Cisco Prime LAN Management Solution Command Execution Vulnerability

cisco-sa-20130109-lms · Critical · Published · Updated

Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the root user. The vulnerability is due to improper validation of authentication and authorization commands sent to certain TCP ports. An attacker could exploit this vulnerability by connecting to the affected system and sending arbitrary commands. Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms

Workarounds

The workaround for this vulnerability requires the administrator to edit the securetty file stored in the /etc/ directory on the affected system and remove the rsh service command line.

Mitigations that can be deployed on Cisco devices in a network are available in the Cisco Applied Intelligence companion document for this advisory: http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=27920

CVEs: CVE-2012-6392
Cisco Bug IDs: CSCuc79779
CVSS Score: Base 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Product Names From Source: Cisco Prime LAN Management Solution (LMS)

CSAF Product Statuses

Product | Status | Source | CVE | Rows
Cisco Prime LAN Management Solution (LMS) | known_affected | cisco_csaf | CVE-2012-6392 | 1

Related Products

Product | CVE | Evidence
Cisco Prime LAN Management Solution (LMS) | CVE-2012-6392 | Cisco OpenVuln