Summary
The host is installed with Cisco Prime LAN Management Solution and is prone to remote command execution vulnerability.
Impact
Successful exploitation could allow attackers to execute arbitrary command in the context of the root user.
Impact Level: System/Application
Solution
Upgrade to Cisco Prime LMS Virtual Appliance to 4.2.3 or later, http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms
Insight
Flaw is due to improper validation of authentication and authorization commands sent to certain TCP ports.
Affected
Cisco Prime LMS Virtual Appliance Version 4.1 through 4.2.2 on Linux
References
Severity
Classification
-
CVE CVE-2012-6392 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Cisco TelePresence TC and TE Software Multiple Security Vulnerabilities
- CISCO Secure ACS Management Interface Login Overflow
- Multiple Cisco Nexus Devices IP Stack Remote Denial of Service Vulnerability
- Cisco IOS XR Software Fragmented Packets Processing Denial of Service Vulnerability
- Cisco Prime LAN Management Solution Remote Command Execution Vulnerability