Release date:
Updated on:
Affected Systems:
Cisco Prime Infrastructure 2.0
Cisco Prime Infrastructure 1.4
Cisco Prime Infrastructure 1.3
Cisco Prime Infrastructure 1.2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65816
CVE (CAN) ID: CVE-2014-0679
Cisco Prime Infrastructure is a solution for wireless management through Cisco technology LMS and NCS.
Cisco Prime Infrastructure does not properly verify URL requests. unauthenticated remote attackers can execute arbitrary commands at the root level.
<* Source: vendor
Link: http://tools.cisco.com/security/center/viewAlert.x? AlertId = 32703
Http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20140226-pi) and patches for this:
Cisco-sa-20140226-pi: Cisco Prime Infrastructure Command Execution Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi