Cisco Prime Collaboration Provisioning 9.0.x / 11.0.x < 11.1 Local Privilege Escalation (cisco-sa-20160209-pcp)

medium Nessus Plugin ID 93400

Synopsis

The remote network management server is affected by a privilege escalation vulnerability.

Description

According to its self-reported version number, the remote Cisco Prime Collaboration Provisioning server is 9.0.x or 11.0.x prior to 11.1. It is, therefore, affected by a local privilege escalation vulnerability in its command line interface due to improper sanitization of user-supplied input. A local attacker with administrator-level access can exploit this to gain root access to the host operating system.

Solution

Upgrade to Cisco Prime Collaboration Provisioning version 11.1.0 or later.

See Also

http://www.nessus.org/u?d1574c1f

Plugin Details

Severity: Medium

ID: 93400

File Name: cisco_prime_cp_sa-20160209-pcp.nasl

Version: 1.6

Type: combined

Family: CISCO

Published: 9/9/2016

Updated: 11/14/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2016-1320

CVSS v3

Risk Factor: Medium

Base Score: 6.7

Temporal Score: 5.8

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:prime_collaboration_provisioning, cpe:/a:cisco:prime_collaboration

Required KB Items: Host/Cisco/PrimeCollaborationProvisioning/version

Exploit Ease: No known exploits are available

Patch Publication Date: 2/9/2016

Vulnerability Publication Date: 2/9/2016

Reference Information

CVE: CVE-2016-1320

BID: 83137

CISCO-BUG-ID: CSCux69286

CISCO-SA: cisco-sa-20160209-pcp