Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.106328
Kategorie:CISCO
Titel:Cisco Prime Infrastructure Authenticated Remote Code Execution Vulnerability
Zusammenfassung:A vulnerability in the web interface of Cisco Prime Infrastructure could;allow an authenticated, remote attacker to upload arbitrary files and execute commands as the prime web user.;The prime web user does not have the full privileges of root.
Beschreibung:Summary:
A vulnerability in the web interface of Cisco Prime Infrastructure could
allow an authenticated, remote attacker to upload arbitrary files and execute commands as the prime web user.
The prime web user does not have the full privileges of root.

Vulnerability Insight:
The vulnerability is due to incomplete input validation of HTTP requests.
An attacker could exploit this vulnerability by authenticating to the application and sending a crafted HTTP
request to the affected system.

Vulnerability Impact:
An exploit could allow the attacker to upload arbitrary files and execute
commands as the prime web user.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-1408
BugTraq ID: 91506
http://www.securityfocus.com/bid/91506
Cisco Security Advisory: 20160629 Cisco Prime Infrastructure and Evolved Programmable Network Manager Authenticated Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm
http://www.securitytracker.com/id/1036197
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.