[prev in list] [next in list] [prev in thread] [next in thread]
List: cisco-nsp
Subject: [c-nsp] Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnera
From: Cisco Systems Product Security Incident Response Team <psirt () cisco ! com>
Date: 2016-09-21 16:29:07
Message-ID: 201609211229.9.csp2100 () psirt ! cisco ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution \
Vulnerability
Advisory ID: cisco-sa-20160921-csp2100-2
Revision 1.0
Published: 2016 September 21 16:00 GMT
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 \
could allow an unauthenticated, remote attacker to execute arbitrary code on a \
targeted system.
The vulnerability is due to insufficient sanitization of specific values received as \
part of a user-supplied HTTP request. An attacker could exploit this vulnerability by \
sending a malicious dnslookup request to the affected system. An exploit could allow \
the attacker to execute arbitrary code with the privileges of the user.
Cisco has released software updates that address this vulnerability. Workarounds that \
address this vulnerability are not available.
This advisory is available at the following link: \
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4rQkAAoJEK89gD3EAJB53UEQAM+JzDD3kO6KPYmZYhe+f8j2
625JrU7AZ3bdn5IKJcje16kxJ72S1PclYFj7hCiyWYK8/SIbIyVLPdzdVRNZUD01
mKd96cHC9bM01FCE9BAiZ3bb+HDQi/VDgG7tcOriPkzu6sQz9x+riFukkhOYHA+h
sudNKaDLrPuUsXUb0EkjwitwBI+l2THRlyNou4SRHVx2aIWtu7QlArouTTNiJMDx
jIHFxyBm9Lw8Bc2QFXl42sffUbf74lU8BKzGgIxVgXgoD53yxqoNMYFf95JfqrxV
hxls6ncBHrxdN+jbccD4OriErKLuqGUSZPHG3c4eAIYTS+B0qFlklwm45I7QYMdO
wA+BSwqz+4H2aaNttuYWCon1ryRJCHy0Yys173K9ZRIsZF3S59aDAOOzVlWU9kWP
iNdZ2b+WdjQtEbsdwgj3QdsLUttjT0pfHlJbuBB31E9UhJ/BZdf/2bDfi+MRUSSS
zA/WN7a6hvw6Nfh/XFl+BQ7jru+RdWur/LqzENhl7kQUVZ2zQ40fPqANbJT9dzUD
OLVcw/Ciuf8T+N1BwiR+aRILVlDvDb1N+fjwLfDoLUZalG/W8geG7+qNNt6Deanl
F9r9usPIs7Hd+H3XT+hwgG7higiMk2ilA1bTveRcKTsaeogmNIaZd/1KFRLPvRj+
qIPI8pHxCE/S3Uw2Wlsc
=YgU2
-----END PGP SIGNATURE-----
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic