Cisco Prime Infrastructure Command Execution Vulnerability

cisco-sa-20140226-pi · Critical · Published 12 years ago · Updated 12 years ago

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper validation of URL requests. An attacker could exploit this vulnerability by requesting an unauthorized command via a specific URL. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges. Cisco has released software updates that address this vulnerability. A software patch that addresses this vulnerability in all affected versions is also available. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi

Cisco advisory ·CSAF JSON

Workarounds

Workarounds that mitigate this vulnerability are not available.

CVEs	CVE-2014-0679
Cisco Bug IDs	CSCum71308
CVSS Score	Base 9.0 Base 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C

Products with public affected evidence

Product	CVE	Affected evidence
Cisco Prime Infrastructure	CVE-2014-0679	structured affected CSAF product_status