PT-2016-4707 · Cisco · Cisco Prime Collaboration

Publicado

2016-02-12

Atualizado

2016-12-29

CVE-2016-1320

CVSS v2.0

6.8

Média

Vetor

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration versions 9.0 through 11.0

Description The issue allows local users with administrator privileges to execute arbitrary OS commands as root. This can be achieved by leveraging the CLI in the affected software.

Recommendations For Cisco Prime Collaboration versions 9.0 through 11.0, consider restricting access to the CLI to minimize the risk of exploitation. As a temporary workaround, limit the use of administrator privileges until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-264

Identificadores relacionados

CVE-2016-1320

Produtos afetados

Cisco Prime Collaboration

PT-2016-4707 · Cisco · Cisco Prime Collaboration

CVE-2016-1320

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4