You are here
Home > Preporuke > Ranjivost Cisco Prime DCNM aplikacije

Ranjivost Cisco Prime DCNM aplikacije

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20170607-dcnm1

Revision: 1.0

For Public Release: 2017 June 7 16:00 GMT

Last Updated: 2017 June 7 16:00 GMT

CVE ID(s): CVE-2017-6639

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary
=======
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system.

The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZOCSXZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHn5oxAAnqNcx5BMmcHVMhox
t/zutTTLkiXQFwQVMlGJEDcOmoPqua+HmNvfyF/sNDf7JgPzT320NFfwbEou/1fV
IvfBs/ztPpReHGMPLJJiXVUHKuyymK772TJ2hv9DqNxvH1c+nGJIRoXxg3q00cxM
5Y+tQ2k6iGE1+UPQH49eFIi7M1zY2p0xK8xqE+QXqePyfTPvDsFTNEfvTfb6so3m
PHcfy4DrncISyztprKFZGXmSdXGAjxuMF5iv4xRXuKDgzU5fQLnHCyaoh3NazemY
BSMTxfF9hqw9NYXmrnYj/3s8C189nO5vW7Cr0o5+UK1bgAlMzVZzRQc9raMe9Afy
NY5EDACib6w+T5mI6nVo6pjD9w1jY4wyhc6nyBeJSpIxzL2dQ93SmwtxBpOgCs64
W26q8qylcaNK/pANK9GLhbOGygx5eu++Zeazk7S6FHlbl7V4dKS/4DDTrhKKZItp
VUrQJKUFB+xg7cfqqax+1CRRQgqg5qeUKROxDxR5BrsVVwF1mRCCsnMb4tGrtYxT
Og4XVkkqeE2wq1PkZ+bbTh8sF+8/GqgvZedSttcdt0ji4JiBftemhGrGRdHvTol1
YMWhdTTBT8g8rsZFuqtUM1EQDcYCQyRb8B8TlRzwwbIgXUcsBEG/YlNLF1kh1sVm
xDAwT8vjJSr51/lnD3EMvaQ2wBQ=
=FPjy
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorDanijel Kozinovic
Cert idNCERT-REF-2017-06-0051-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Ispravak zakrpe za programski paket nagios3

Ubuntu je izdao ispravak zakrpe za programski paket nagios3, a odnosi se na preporuku oznake USN-3253-1 izdane u travnju 2017....

Close