Cisco Digital Media Manager (CVE-2012-0329) Remote Privilege Escalation Vulnerability

Bugtraq ID:	51537
Class:	Design Error
CVE:	CVE-2012-0329
Remote:	Yes
Local:	No
Published:	Jan 18 2012 12:00AM
Updated:	Jan 18 2012 12:00AM
Credit:	Anthony Towry
Vulnerable:	Cisco Digital Media Manager (DMM) 5.2.3 Cisco Digital Media Manager (DMM) 5.2.2 Cisco Digital Media Manager (DMM) 5.2.1 Cisco Digital Media Manager (DMM) 5.3 Cisco Digital Media Manager (DMM) 5.2.2.1 Cisco Digital Media Manager (DMM) 5.2.1.1 Cisco Digital Media Manager (DMM) 5.2 Cisco Digital Media Manager (DMM) 5.1 Cisco Digital Media Manager (DMM) 5.0 Cisco Digital Media Manager 0
Not Vulnerable:

Cisco Digital Media Manager (CVE-2012-0329) Remote Privilege Escalation Vulnerability

Cisco Digital Media Manager (DMM) is prone to a remote privilege escalation vulnerability. This issue is tracked by Cisco Bug ID CSCts63878.

An authenticated attacker can exploit this issue to modify application configuration settings, gaining elevated privileges. This may lead to a full compromise of the affected computer or aid in further attacks.

Cisco Digital Media Manager (CVE-2012-0329) Remote Privilege Escalation Vulnerability

Attackers can exploit this issue using readily available networking tools.

Cisco Digital Media Manager (CVE-2012-0329) Remote Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references for details.

Cisco Digital Media Manager (CVE-2012-0329) Remote Privilege Escalation Vulnerability

References:

• Cisco Digital Media Manager Homepage (Cisco)
  
• Cisco Security Advisory: Cisco Digital Media Manager Privilege Escalation Vulner (psirt)
  
• Cisco Digital Media Manager Privilege Escalation Vulnerability (Cisco)