发布日期:2013-02-20
更新日期:2013-02-22受影响系统:
Cisco Identity Services Engine 1.x
Cisco Context Directory Agent 1.x
Cisco Network Services Manager 5.x
Cisco Prime Collaboration 9.x
描述:
--------------------------------------------------------------------------------
CVE(CAN) ID: CVE-2013-1125
多个思科产品(Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, Network Services Manager)的命令行界面没有正确验证输入,可允许已验证的本地用户获取root的shell访问权限。
<*来源:vendor
链接:http://secunia.com/advisories/52268/
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125
*>建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(CVE-2013-1125)以及相应补丁:
CVE-2013-1125:Multiple Cisco Product Root Shell Access Vulnerability
链接:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125CoDeSys "Gateway Server"多个安全漏洞TYPO3 WEC 讨论区SQL注入漏洞相关资讯 Cisco安全漏洞
Cisco Prime Data Center Network (09/23/2013 05:34:39) Cisco WebEx ARF Player内存破坏漏 (09/06/2013 13:42:59) Cisco Unified Communications (08/23/2013 19:08:57) Cisco Prime Data Center Network (09/22/2013 18:17:00) Cisco Secure Access Control (09/06/2013 13:42:31) Cisco VC220/VC240 Network (08/03/2013 14:33:33)
本文评论 查看全部评论 (0)
尊重网上道德,遵守中华人民共和国的各项有关法律法规 承担一切因您的行为而直接或间接导致的民事或刑事法律责任 本站管理人员有权保留或删除其管辖留言中的任意内容 <
收藏该网址
易网时代-编程资源站