PT-2012-5973 · Cisco+1 · Cisco Prime Data Center Network Manager+1

Publicado

2012-11-02

Atualizado

2013-02-26

CVE-2012-5417

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Prime Data Center Network Manager (DCNM) versions prior to 6.1(1)

Description The issue allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services due to improper access restriction to certain JBoss MainDeployer functionality.

Recommendations For versions prior to 6.1(1), update to version 6.1(1) or later to resolve the issue. As a temporary workaround, consider restricting access to JBoss Application Server Remote Method Invocation (RMI) services until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2012-5417

Produtos afetados

Cisco Prime Data Center Network Manager

Jboss Application Server

PT-2012-5973 · Cisco+1 · Cisco Prime Data Center Network Manager+1

CVE-2012-5417

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4