SynopsisThe management application installed on the remote host is affected by a command injection vulnerability known as Shellshock.
DescriptionAccording to its self-reported version number, the version of Cisco Prime Security Manager installed on the remote host is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.
SolutionUpgrade to Cisco Prime Security Manager 22.214.171.124 (9) or later.