The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Cisco Prime Collaboration Provisioning: privilege escalation via the administration interface

Summary of the vulnerability

An attacker can send a specially crafted command to the administration interface of Cisco Prime Collaboration Provisioning, in order to get administration privileges on the operating system.
Severity of this weakness: 2/4.
Creation date: 10/02/2016.
References of this bulletin: CERTFR-2016-AVI-061, cisco-sa-20160209-pcp, VIGILANCE-VUL-18918.

Description of the vulnerability

The Cisco Prime Collaboration Provisioning product includes a command line interface for administration purposes.

However, this program does not correctly validate its input, and some command strings provide access to a root shell on the underlying Linux system.

An attacker can therefore send a specially crafted command to the administration interface of Cisco Prime Collaboration Provisioning, in order to get administration privileges on the operating system.

This threat alert impacts software or systems such as Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure.

Our Vigil@nce team determined that the severity of this computer vulnerability bulletin is medium.

The trust level is "confirmed by the vendor", and the origin of the attack is a privileged account.

An attacker with expert ability can exploit this weakness.

Solutions for this threat

Cisco Prime Collaboration Provisioning: solution CSCux69286.
The solution CSCux69286 is available:
  https://tools.cisco.com/bugsearch/bug/CSCux69286
  https://tools.cisco.com/quickview/bug/CSCux69286
