Cisco 多个产品CLI Root Shell访问权限提升漏洞

文章由LinuxBoy分享于2019-04-02 04:04:17热评（145）

Cisco 多个产品CLI Root Shell访问权限提升漏洞

发布日期：2013-02-20
更新日期：2013-02-22

受影响系统：
Cisco Identity Services Engine 1.x
Cisco Context Directory Agent 1.x
Cisco Network Services Manager 5.x
Cisco Prime Collaboration 9.x
描述：
--------------------------------------------------------------------------------
CVE(CAN) ID: CVE-2013-1125

多个思科产品（Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, Network Services Manager）的命令行界面没有正确验证输入，可允许已验证的本地用户获取root的shell访问权限。

<*来源：vendor

链接：http://secunia.com/advisories/52268/
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125
*>

建议：
--------------------------------------------------------------------------------
厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（CVE-2013-1125）以及相应补丁:
CVE-2013-1125：Multiple Cisco Product Root Shell Access Vulnerability
链接：http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125

推荐文章：

Cisco 多个产品CLI Root Shell访问权限提升漏洞