Cisco Prime LAN Management Solution Remote Command Execution (CVE-2012-6392)
| Check Point Reference: | CPAI-2013-074 | |
| Date Published: | ||
| Severity: | ||
| Source: | Cisco Advisory cisco-sa-20130109-lms | |
| Industry Reference(s): | CVE-2012-6392 |
|
| Protection Provided by: |
Security Gateway
|
|
|
Who is Vulnerable? Cisco Systems Prime LAN Management Solution 4.1 for Linux Cisco Systems Prime LAN Management Solution 4.2 for Linux Cisco Systems Prime LAN Management Solution 4.2.1 for Linux Cisco Systems Prime LAN Management Solution 4.2.2 for Linux |
||
| Vulnerability Description A lack of authorization vulnerability exists in Cisco Prime LAN Management Solution. Command execution with root security levels |
||
|
Vulnerability Details The vulnerability is due to insufficient validation of users using rsh. A remote attacker can exploit this vulnerability by accessing the rsh service. |
Protection Overview
Detect and block malicious traffic to the RSH service
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.