Multiple Linux-Based Cisco Products Local Privilege Escalation Vulnerability
BID:17609
Info
| Bugtraq ID: | 17609 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 19 2006 12:00AM |
| Updated: | Apr 20 2006 04:16PM |
| Credit: | Adam Pointon of Assurance.com.au and Mathieu Pepin of Axen Consulting are both credited with the discovery of this vulnerability. |
| Vulnerable: | Cisco Wireless Lan Solution Engine Express 0; Cisco Wireless Lan Solution Engine 1130 2.0.5; Cisco Wireless Lan Solution Engine 1130 2.0 .2; Cisco Wireless Lan Solution Engine 1130 2.0; Cisco Wireless Lan Solution Engine 1105 2.5; Cisco Wireless Lan Solution Engine 1105 2.0.2; Cisco Wireless Lan Solution Engine 1105 2.0; Cisco Wireless Lan Solution Engine; Cisco User Registration Tool; Cisco Service Management; Cisco Hosting Solution Engine 1105 1.7.3; Cisco Hosting Solution Engine 1105 1.7.2; Cisco Hosting Solution Engine 1105 1.7.1; Cisco Hosting Solution Engine 1105 1.7; Cisco Hosting Solution Engine 1.3; Cisco Hosting Solution Engine 1.0; Cisco Ethernet Subscriber Solution Engine 0; Cisco CiscoWorks 1105 Hosting Solution Engine |
| Not Vulnerable: | Cisco Wireless Lan Solution Engine Express 2.13; Cisco Wireless Lan Solution Engine 2.13 |
Discussion
Multiple Linux-based Cisco products are prone to a local privilege-escalation vulnerability. The applications fail to properly sanitize user-supplied input.
This issue allows attackers with telnet or SSH access to affected devices to execute arbitrary shell commands with superuser privileges. This facilitates the complete compromise of affected devices.
Exploit / POC
This issue can be exploited through a standard telnet or SSH client.
Solution / Fix
Solution:
The vendor has released version 2.13 of the affected software to address this issue. Please see the referenced vendor advisory for details on obtaining the appropriate updates.
References
References:
- Cisco Call Manager Express (Cisco Systems)
- Cisco Security Advisory: Multiple Vulnerabilities in the WLSE Appliance (Cisco)
- Cisco Security Response: Response to Privilege Escalation on Multiple Cisco Prod (Cisco)
- Multiple vulnerabilities in Linux based Cisco products (assurance.com.au)
- Re: Multiple vulnerabilities in Linux based Cisco products (Cisco)