Summary
The host is installed with Cisco Prime LAN Management Solution and is prone to remote command execution vulnerability.
Impact
Successful exploitation could allow attackers to execute arbitrary command in the context of the root user.
Impact Level: System/Application
Solution
Upgrade to Cisco Prime LMS Virtual Appliance to 4.2.3 or later, http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms
Insight
Flaw is due to improper validation of authentication and authorization commands sent to certain TCP ports.
Affected
Cisco Prime LMS Virtual Appliance Version 4.1 through 4.2.2 on Linux
References
Severity
Classification
-
CVE CVE-2012-6392 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Cisco Prime LAN Management Solution Remote Command Execution Vulnerability
- Multiple Cisco Nexus Devices IP Stack Remote Denial of Service Vulnerability
- Cisco TelePresence TC and TE Software Multiple Security Vulnerabilities
- Cisco IOS XR Software IPv6 Packet Handling Denial of Service Vulnerability
- Cisco VG248 login password is blank