Cisco Prime Infrastructure Command Execution Vulnerability

ID CISCO-SA-20140226-PI
Type cisco
Reporter Cisco
Modified 2014-03-13T19:31:36


A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.

The vulnerability is due to improper validation of URL requests. An attacker could exploit this vulnerability by requesting an unauthorized command via a specific URL. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges.

Cisco has released software updates that address this vulnerability. A software patch that addresses this vulnerability in all affected versions is also available. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:[""]