Message-id: <201606291233.6.piauthbypass@psirt.cisco.com>
Date: Wed, 29 Jun 2016 12:33:27 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability


Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability

Advisory ID: cisco-sa-20160629-piauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to access and control the API resources.

The vulnerability is due to improper input validation of HTTP requests for unauthenticated URIs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected URIs. Successful exploitation of this vulnerability could allow the attacker to upload malicious code to the application server or read unauthorized management data, such as credentials of devices managed by Cisco Prime Infrastructure or EPNM.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.  

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass

