漏洞类别:CGI
漏洞等级: 
漏洞信息
A vulnerability in the web interface of Cisco Network Analysis Modules could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device with the privileges of the web server.
The vulnerability is due to a failure to properly sanitize user input prior to executing an external command derived from the input. An attacker could exploit the vulnerability by submitting a crafted HTTP request to the affected device.
漏洞危害
A successful exploit could allow the attacker to execute arbitrary commands or code on the underlying operating system with the reduced privileges of the web server.
解决方案
The vendor has released fixes to resolve this issue. Refer to cisco-sa-20160601-prime to obtain additional details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论