AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
-
Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the root user. The vulnerability is due to improper validation of authentication and authorization commands sent to certain TCP ports. An attacker could exploit this vulnerability by connecting to the affected system and sending arbitrary commands.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms
-
Vulnerable Products
The following versions of Linux-based Cisco Prime LMS Virtual Appliance are vulnerable:
Cisco Prime LMS Virtual Appliance Version    Affected
4.1                                          Yes
4.2                                          Yes
4.2.1                                        Yes
4.2.2                                        Yes
4.2.3                                        No
Note: Only Linux-based Cisco Prime LMS Virtual Appliances are affected by this vulnerability. Cisco Prime LMS running on Windows or Solaris is not affected.
Products Confirmed Not Vulnerable
The following products are not affected by this vulnerability:
- Cisco Prime LMS for Windows
- Cisco Prime LMS for Solaris
- CiscoWorks LMS running on any supported operating system
No other Cisco products are currently known to be affected by this vulnerability.
-
Cisco Prime LAN Management Solution (LMS) is an integrated suite of management functions that simplifies the configuration, administration, monitoring, and troubleshooting of a network. Cisco Prime LMS software is supported over Windows and Solaris or distributed in Virtual Appliance mode (also known as soft appliance mode).
Cisco Prime LMS Virtual Appliance is a bundle of a Linux-based operating system (OS) and the LMS application that is preinstalled. This software is distributed in a single Open Virtual Archive (OVA) file that can be instantiated directly on a supported VMware virtualization environment.
Linux-based Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privilege of the root user. The vulnerability is due to improper validation of authentication and authorization commands by the remote shell server (rshd) running on the affected system. An attacker could exploit this vulnerability by accessing the remote shell (rsh) service of the affected system and sending arbitrary commands.
Note: Only Linux-based Cisco Prime LMS Virtual Appliances are affected by this vulnerability. Cisco Prime LMS running on Windows or Solaris is not affected.
This vulnerability can be exploited over TCP port 514.
This vulnerability is documented in Cisco bug ID CSCuc79779 (registered customers only) and has been assigned CVE ID CVE-2012-6392.
-
The workaround for this vulnerability requires the administrator to edit the securetty file stored in the /etc/ directory on the affected system and remove the rsh service command line.
Mitigations that can be deployed on Cisco devices in a network are available in the Cisco Applied Intelligence companion document for this advisory: http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=27920
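The workaround above and the TCP port 514 exposure can be checked with a short script. This is an added example, not Cisco's tooling or part of the original advisory; it assumes the rsh entry in the securetty file is a line whose only token is `rsh`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Cisco's tooling. Assumption: the rsh entry in the
# securetty file is a line whose only token is "rsh".
RSH_LINE='^[[:space:]]*rsh[[:space:]]*$'

# Return 0 if FILE still carries an active rsh entry.
securetty_has_rsh() {
    grep -q "$RSH_LINE" "$1"
}

# Delete the rsh entry from FILE, leaving the original as FILE.bak.
remove_rsh_entry() {
    file=$1
    securetty_has_rsh "$file" || return 0        # already clean
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    sed "/$RSH_LINE/d" "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write in place so owner, mode and security context are unchanged.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Read `ss -ltn` or `netstat -ltn` output on stdin; return 0 if any
# socket listens on TCP 514 (field 4 is the local address in both).
listens_on_514() {
    awk '$4 ~ /:514$/ { hit = 1 } END { exit !hit }'
}

# Constructed sample data: exercise the functions on a scratch copy.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'console\ntty1\nrsh\ntty2\n' > "$dir/securetty"
    remove_rsh_entry "$dir/securetty"
    if securetty_has_rsh "$dir/securetty"; then echo "rsh entry remains"
    else echo "rsh entry removed, backup at $dir/securetty.bak"; fi
}

# Usage: script [path-to-securetty]; with no argument, run the demo.
if [ $# -gt 0 ]; then remove_rsh_entry "$1"; else demo; fi
```

On the appliance, run it as root against /etc/securetty, then pipe `ss -ltn` into `listens_on_514` to confirm whether the rsh service is still reachable.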
-
The following table provides software upgrade information to mitigate the vulnerability described in this security advisory:
Cisco Prime LMS Virtual Appliance Version    Patch Name
4.1                                          lms4.1-lnx-CSCuc79779-0.zip
4.2                                          lms4.2-lnx-CSCuc79779-0.zip
4.2.1                                        lms4.2.1-lnx-CSCuc79779-0.zip
4.2.2                                        lms4.2.2-lnx-CSCuc79779-0.zip
When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. Functional code that demonstrates an exploit of this vulnerability is available as a part of the Metasploit framework.
The vulnerability was discovered during the resolution of a support case.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 1.1    2013-January-23    Updated Summary, Details, Workaround, Exploitation and Public Announcements sections
Revision 1.0    2013-January-09    Initial public release
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.