Cisco Application Extension Platform (AXP) Privilege Escalation (cisco-sa-20100609-axp)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host is running Cisco AXP, which is affected by a privilege
escalation vulnerability.

Description :

The remote Cisco Application Extension Platform (AXP) is affected by a
privilege escalation vulnerability. The vulnerability could allow an
authenticated user to gain administrative access to a vulnerable Cisco
AXP module.

See also :

http://www.cisco.com/en/US/products/csa/cisco-sa-20100609-axp.html

Solution :

Upgrade to Cisco AXP version 1.1.7 or later. Note: Cisco AXP version
1.1.5 may or may not be vulnerable depending upon the upgrade path used.
Installs upgraded from version 1.0 or a clean installation are not
vulnerable. Installs upgraded from version 1.1 are vulnerable. Refer
to the vendor's advisory for upgrade steps.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 70164 ()

Bugtraq ID: 40682

CVE ID: CVE-2010-1572