Cisco Prime Security Manager GNU Bash Environment Variable Handling Command Injection (cisco-sa-20140926-bash) (Shellshock)
Severity: Critical
Nessus Plugin ID: 78828
Synopsis
The management application installed on the remote host is affected by a command injection vulnerability known as Shellshock.
Description
According to its self-reported version number, the Cisco Prime Security Manager installation on the remote host is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. Depending on the configuration of the system, this allows a remote attacker to execute arbitrary code via environment variable manipulation.
Solution
Upgrade to Cisco Prime Security Manager 9.3.2.1 (9) or later.