lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201505130906.6.tp@psirt.cisco.com>
Date: Wed, 13 May 2015 09:06:26 -0700
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Command Injection Vulnerability in Multiple Cisco TelePresence Products 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Command Injection Vulnerability in Multiple Cisco TelePresence Products

Advisory ID: cisco-sa-20150513-tp

Revision 1.0

For Public Release 2015 May 13 16:00  UTC (GMT) 

+----------------------------------------------------------------------


Summary
=======

A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. Administrative privileges are required in order to access the affected parameter. A successful exploit could allow an attacker to execute system commands with the privileges of the root user.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp



-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVU3TLAAoJEIpI1I6i1Mx3jecP/3kHeHdA/61g2gSFRTRQf2xL
uIwAlCtJvxc7t7Wojrvo575D0Fn0QKXAlONaNkbLJ4g2NPrt+cTUejjFf1HbtEPL
9jUeiDbxS0b6ieIr/B9w8GXuVRSkPoxWNokWDWgog8hs5AZdp+b8pdK80K+SG3wP
SZd8yUbY+t6zRYDw3i1ZnVUeE72rpfzO2KpauoHjyuWHi6NcfQeZr1ZfNAeLaq23
t041gPynTUuyM95Wz0QWQhUXAVNaDHcHdNZ3Gg31lBxS2r9Phmm5OgJ9aVx129rm
2LO9aQLFL+v0shwY6LSo/3GzUWtZmbn/SzsXHb7vyfPzBwfv+E8enkZj2QCA+7Ob
A9e9t3rInTKsQMm+gGjW0n6usOpvCXZuK8LmRWGSTmpFJ6DkS7mulN7bILzmUeLL
5tl6Ef56tM9Li4lVMzfxPNypMOj5Bntv1Pam87uXFR1ND0g/+6XMHg2E0TLi/E1K
hu1Nuiy6ofBNSewN/Ql6WTDGi2yKviJRrCNaCDKA2pQN5uZNmZS3giSxHqxIFOd/
n3rhhm9Ju8qr6SADJK3cg6r5A4/OU/axzlVzvgFl1dgGSi2VYaBu9uKvw/9DyosE
dM7UbaCCey8cB0obaQl87B7gSo90zZVp4q6J1Yx5BrB1gS9iEV/VSfItydGO1jBL
xAPKB9ZcTaUxE/dZhoLl
=obwP
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ