You are here
Home > Preporuke > Ranjivost Cisco Policy Suite (CPS) softvera

Ranjivost Cisco Policy Suite (CPS) softvera

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Policy Suite Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20170517-cps

Revision: 1.0

For Public Release: 2017 May 17 16:00 GMT

Last Updated: 2017 May 17 16:00 GMT

CVE ID(s): CVE-2017-6623

CVSS Score v(3): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary
=======
A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root.

The vulnerability is due to incorrect sudoers permissions on the script file. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input at the CLI, using this script file to escalate their privilege level and execute commands as root. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the appliance. The user has to be logged-in to the device with valid credentials for a specific set of users.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZHHQiZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHm5gBAA4054vwpO4jMJelTk
2TNNUyrw8GnvdjJDipscxwO7L0Cjb4CuRbJZNpqy2vbeOsfPur8NokQ8DyLPFcC4
IGn+HMpufETAVT3gmHAp1asw4qhoDnXx9kpPrgKZ4KTw0TrmSSL4GtIf+BwyR3Bw
bNeE/gux8dVVNUhT+HDQ5IXeneeK0gLxChPYI3snX8eZ6JCu7VHMIqygvnLey9uS
0G451oaKZinUZbeXDfMx9OxE58Umm1J7skN43ig6dG9bZbGCbfcINKJZbbLO7Zhz
YjqvAOIWdUtvezo3S7xC9p8ylEb02zrjnQiVgaOrTb/+OLwUv33z7WXj9f94nsDE
3JVexH5+GDqHrG9mR5o3sK3RFhXJALsP8HGntA4b5BIcj1uCGAEGz+F4YnvXTNLR
0P6E+qRJW236DxIpRWhCVW29qeBt8aJ8qBwn7QeSGQp8Toi8+yH5MPfLrPvrwn0w
FAMka7EQ3KlfGmz+sTbhpegI2H6c6o0pJp1G+rCJAmE8+A2XUJB/sBXhn6mVl8Xh
nK9h63KHdCvIVpnU3TW8Jn59mXopyNbsxXMqoetBzFax/xuk1F7w8RGu8ANWTOgL
yr2GSUDDT12D8e4cqEkl8djeN+v6j/SFwgY02s3XNGHgOUu9vlhvk/dAqI2S9sf1
ucV6raBuPS5kcsUHTQ4BoMIIdvs=
=+o8F
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorTomislav Protega
Cert idNCERT-REF-2017-05-0037-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci u radu programske jezgre operacijskog sustava Ubuntu 17.04. Otkriveni nedostaci potencijalnim lokalnim napadačima omogućuju izvođenje napada...

Close