Cisco Security Response: Response to Privilege Escalation on Multiple Cisco Products

Document ID: 69930

http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml

Revision 1.0

For Public Release 2006 April 19 1500 UTC (GMT)

Please provide your feedback on this document.

Contents

Cisco Response
Additional Information
Revision History
Cisco Security Procedures

Cisco Response

This is Cisco PSIRT's response to the privilege escalation vulnerability independently announced by Adam Pointon of Assurance.com.au and Mathieu Pepin of Axen Consulting. We would like to thank both Adam and Mathieu for bringing this issue to our attention.

The following are affected by this vulnerability:

• Cisco Wireless LAN Solution Engine (WLSE)
  
• Cisco Hosting Solution Engine (HSE)
  
• Cisco User Registration Tool (URT)
  
• Cisco Ethernet Subscriber Solution Engine (ESSE)
  
• CiscoWorks2000 Service Management Solution (SMS)
  

Additional Information

By exploiting this vulnerability, an authenticated attacker on the command line interface may obtain shell access to the underlying operating system by injecting specially crafted commands.

The following products are affected by this vulnerability:

• Cisco WLSE - A separate Cisco Security Advisory has been published which addresses multiple vulnerabilities in the WLSE appliance, including this vulnerability. Refer to the security advisory at the following URL for more information on the impact and fixed software versions: http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml.
  
• This vulnerability is addressed by the Cisco bug ID CSCsd22861 ( registered customers only) for the URT appliance. 2.5.5(A1) version of the URT software fixes this issue and can be downloaded from the following URL: http://www.cisco.com/pcgi-bin/tablebuild.pl/urt-3des.
  
• Cisco HSE - This vulnerability is addressed by the Cisco bug ID CSCsd22859 ( registered customers only) for the HSE appliance. The HSE-PSIRT1 patch fixes this issue and can be downloaded from the following URL: http://www.cisco.com/pcgi-bin/tablebuild.pl/1105-host-sol.
  
• Cisco ESSE - This product has reached End-of-Life therefore Cisco will not be providing fixed software for the ESSE product by default. Customers who require a fix for this should open a service request and request a fix through the Technical Support organization.
  
• CiscoWorks SMS - This product has reached End-of-Life therefore Cisco will not be providing fixed software for the SMS product by default. Customers who require a fix for this should open a service request and request a fix through the Technical Support organization.
  

Revision History

Cisco Security Procedures

Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt.