Cisco Prime LAN Management Solution虚拟设备远程命令执行漏洞
Cisco Prime LAN Management Solution虚拟设备远程命令执行漏洞
发布日期:2013-01-09
更新日期:2013-01-11
受影响系统:
Cisco Prime LAN Management Solution 4.2.2
Cisco Prime LAN Management Solution 4.2.1
Cisco Prime LAN Management Solution 4.2
Cisco Prime LAN Management Solution 4.1
Cisco Prime LAN Management Solution
不受影响系统:
Cisco Prime LAN Management Solution 4.2.3
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 57221
CVE(CAN) ID: CVE-2012-6392
CiscoWorks LAN Management Solution (LMS)是一套局域网管理套装,可简化配置、管理、监控和维护思科网络。
Cisco Prime LAN Management Solution (LMS) Virtual Appliance在实现上存在一个任意命令执行漏洞,此漏洞源于不正确验证发送到某TCP端口的身份认证和授权命令。一个未认证的攻击者可通过连接到受影响系统并发送任意命令利用此漏洞。仅Linux平台上的设备受到影响。
<*来源:vendor
链接:http://seclists.org/fulldisclosure/2013/Jan/42?utm_source=twitterfeed&utm_medium=twitter
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20130109-lms)以及相应补丁:
cisco-sa-20130109-lms:Cisco Prime LAN Management Solution Command Execution Vulnerability
链接:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms
评论暂时关闭