发布日期:2013-02-20
更新日期:2013-02-22
受影响系统:
Cisco Identity Services Engine 1.x
Cisco Context Directory Agent 1.x
Cisco Network Services Manager 5.x
Cisco Prime Collaboration 9.x
描述:
--------------------------------------------------------------------------------
CVE(CAN) ID: CVE-2013-1125
多个思科产品(Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, Network Services Manager)的命令行界面没有正确验证输入,可允许已验证的本地用户获取root的shell访问权限。
<*来源:vendor
链接:
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(CVE-2013-1125)以及相应补丁:
CVE-2013-1125:Multiple Cisco Product Root Shell Access Vulnerability
链接: