Cisco.Prime.LMS.Remote.Command.Execution
Description
This indicates an attack attempt to exploit an Arbitrary Command Execution vulnerability in Cisco's Prim LAN Management Solution.
The vulnerability is due to insufficient validation of in the application regarding users using rsh. A remote attacker may be able to exploit this by accessing the rsh service and issue arbitrary commands through the rsh service.
Affected Products
Cisco Systems Prime LAN Management Solution 4.2.2 for Linux
Cisco Systems Prime LAN Management Solution 4.2.1 for Linux
Cisco Systems Prime LAN Management Solution 4.2 for Linux
Cisco Systems Prime LAN Management Solution 4.1 for Linux
Impact
System Compromise: Remote Attackers can gain control of vulnerable systems.
Recommended Actions
Apply patch available from the vendor's website.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |