Cisco Prime Infrastructure Command Execution Vulnerability

2014-02-26T16:00:00
ID CISCO-SA-20140226-PI
Type cisco
Reporter Cisco
Modified 2014-03-13T19:31:36

Description

A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.

The vulnerability is due to improper validation of URL requests. An attacker could exploit this vulnerability by requesting an unauthorized command via a specific URL. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges.

Cisco has released software updates that address this vulnerability. A software patch that addresses this vulnerability in all affected versions is also available. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi"]