Cisco Prime Infrastructure version 2.2 contains two binaries that are SUID root and world-executable, allowing any local user to execute arbitrary commands as root.
CWE-276: Incorrect Default Permissions
Two binaries are included in Cisco Prime version 2.2 that run as SUID root with world-executable privileges. The commands are
A remote authenticated user may escalate privileges to root and execute arbitrary commands.
Apply an update
Restrict executable permissions
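One way to audit a host for the permission pattern described in this note (set-uid, owned by root, executable by any user) and to remove world-execute from a reviewed file. This is an added example, not part of the original advisory or any Cisco tooling. The function names and the example search path are hypothetical, and the affected binaries are not named here because the note does not list them.

```shell
#!/bin/sh
# Added example: find set-uid files that every local user can execute
# (the CWE-276 pattern in this note) and restrict them after review.
# Function names are hypothetical.

# list_suid_world_exec DIR [OWNER]
# Print the path of every regular file under DIR that is owned by OWNER
# (default: root), has the set-uid bit, and is executable by "other".
list_suid_world_exec() {
    dir=$1
    owner=${2:-root}
    # -perm -4001 matches files with set-uid (4000) AND other-execute (0001).
    # -xdev keeps the walk on one filesystem (skips /proc, network mounts).
    find "$dir" -xdev -type f -user "$owner" -perm -4001 -print 2>/dev/null
}

# restrict_world_exec FILE...
# Remove execute permission for "other" and show the resulting mode.
# The set-uid bit is kept, so owner and group members can still run the file.
restrict_world_exec() {
    for f in "$@"; do
        chmod o-x "$f" || return 1
        ls -ld "$f"
    done
}

# Run as a script: sh audit.sh /opt   (the path is an example, not from the note)
if [ "$#" -gt 0 ]; then
    list_suid_world_exec "$@"
fi
```

After `restrict_world_exec`, only the owner and members of the file's group can run the binary, so set the group to the accounts that legitimately need it before applying the change.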
Thanks to Jeremy Brown for reporting this issue.
This document was written by Garret Wassermann.
Date First Published: 2015-08-17
Date Last Updated: 2015-08-17 19:26 UTC