PT-2016-4707 · Cisco · Cisco Prime Collaboration

Published

2016-02-12

Updated

2016-12-29

CVE-2016-1320

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Prime Collaboration versions 9.0 through 11.0

Description The issue allows local users with administrator privileges to execute arbitrary OS commands as root. This can be achieved by leveraging the CLI in the affected software.

Recommendations For Cisco Prime Collaboration versions 9.0 through 11.0, consider restricting access to the CLI to minimize the risk of exploitation. As a temporary workaround, limit the use of administrator privileges until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-264

Related Identifiers

CVE-2016-1320

Affected Products

Cisco Prime Collaboration

PT-2016-4707 · Cisco · Cisco Prime Collaboration

CVE-2016-1320

Weakness Enumeration

Related Identifiers

Affected Products

References · 4