Cisco Prime LAN Management Solution Command Execution Vulnerability

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36577	2013-A-0019	SV-48001r1_rule	ECMT-1 ECMT-2 VIVM-1	High

Description
Cisco has released a security advisory addressing a remote code execution vulnerability in the Cisco Prime LAN Management Solution (LMS) Virtual Appliance. The Cisco Prime LMS is an integrated suite of management functions that simplifies the configuration, administration, monitoring, and troubleshooting of a network. To exploit this vulnerability, an attacker would connect to an affected system and send a series of arbitrary commands. Successful exploitation of this vulnerability would allow an attacker to execute commands with the privilege of the root user resulting in the compromise of affected systems. <br><br> At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents.<br>

Description

Cisco has released a security advisory addressing a remote code execution vulnerability in the Cisco Prime LAN Management Solution (LMS) Virtual Appliance. The Cisco Prime LMS is an integrated suite of management functions that simplifies the configuration, administration, monitoring, and troubleshooting of a network. To exploit this vulnerability, an attacker would connect to an affected system and send a series of arbitrary commands. Successful exploitation of this vulnerability would allow an attacker to execute commands with the privilege of the root user resulting in the compromise of affected systems. <br><br> At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents.<br>

STIG	Date
VMware ESXi Server 5.0 Security Technical Implementation Guide	2013-09-12

Details

Check Text ( None )
None

Fix Text (None)
None