[c-nsp] Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Wed Sep 21 12:29:07 EDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability
Advisory ID: cisco-sa-20160921-csp2100-2
Revision 1.0
Published: 2016 September 21 16:00 GMT
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the web interface of Cisco Cloud Services Platform (CSP) 2100 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability is due to insufficient sanitization of specific values received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a malicious dnslookup request to the affected system. An exploit could allow the attacker to execute arbitrary code with the privileges of the user.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4rQkAAoJEK89gD3EAJB53UEQAM+JzDD3kO6KPYmZYhe+f8j2
625JrU7AZ3bdn5IKJcje16kxJ72S1PclYFj7hCiyWYK8/SIbIyVLPdzdVRNZUD01
mKd96cHC9bM01FCE9BAiZ3bb+HDQi/VDgG7tcOriPkzu6sQz9x+riFukkhOYHA+h
sudNKaDLrPuUsXUb0EkjwitwBI+l2THRlyNou4SRHVx2aIWtu7QlArouTTNiJMDx
jIHFxyBm9Lw8Bc2QFXl42sffUbf74lU8BKzGgIxVgXgoD53yxqoNMYFf95JfqrxV
hxls6ncBHrxdN+jbccD4OriErKLuqGUSZPHG3c4eAIYTS+B0qFlklwm45I7QYMdO
wA+BSwqz+4H2aaNttuYWCon1ryRJCHy0Yys173K9ZRIsZF3S59aDAOOzVlWU9kWP
iNdZ2b+WdjQtEbsdwgj3QdsLUttjT0pfHlJbuBB31E9UhJ/BZdf/2bDfi+MRUSSS
zA/WN7a6hvw6Nfh/XFl+BQ7jru+RdWur/LqzENhl7kQUVZ2zQ40fPqANbJT9dzUD
OLVcw/Ciuf8T+N1BwiR+aRILVlDvDb1N+fjwLfDoLUZalG/W8geG7+qNNt6Deanl
F9r9usPIs7Hd+H3XT+hwgG7higiMk2ilA1bTveRcKTsaeogmNIaZd/1KFRLPvRj+
qIPI8pHxCE/S3Uw2Wlsc
=YgU2
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list