Cisco Prime Security Manager GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock)
Severity: Critical
Nessus Plugin ID: 78828
Synopsis
The management application installed on the remote host is affected by a command injection vulnerability known as Shellshock.
Description
According to its self-reported version number, the version of Cisco Prime Security Manager installed on the remote host is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.
Solution
Upgrade to Cisco Prime Security Manager 188.8.131.52 (9) or later.