-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2014-023 Title: Cisco Prime Infrastructure Command Execution Vulnerability [1] Version history: 28.02.2014 Initial publication Summary ======= A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper validation of URL requests. An attacker could exploit this vulnerability by requesting an unauthorized command via a specific URL. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges [1]. Background ========== This vulnerability is documented in Cisco bug ID CSCum71308 (registered customers only) and has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2014-0679. Versions Affected ================= 1.2 - all versions (will not be patched) 1.3 - prior to 1.3.0.20-2 1.4 - prior to 1.4.0.45-2 2.0 - prior to 2.0.0.0.294-2 What can you do? ================ Upgrade to a patched version. More information ================ [1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi Best regards, CERT-EU Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJTEL0+AAoJEPpzpNLI8SVo6LMQALApqVyq01qLkphwjE548PWe LuiE7rvrIZdLTf0sAU9L0sAPdmtMYboP706TFUTC/qYy6Ie1kcFQyDlYvh9HwqcW XhPAAFpz5Y0P3aGnJY9OX2xc5VKBexeaZRYURtz+pzWp7FpHIj74QxTwNwB+y3DF QuRSjlgOVpDkHOlU26I1cTMAL8/d2uaN+j/ijVaDXvnl6t1iUJTaAzAWvNdQWmIa hXh8eo5ljEt5DhcUoa5DKjk3Vzh/MfSFao6fpkM7xfSS2hkyTSju/o8A/ieWBSyd 3bE7OX0jdXlEG/34Yeia5zTB9dDyQpRjl1/TC50YRYZWyUEvBnwLm2ZpORar87o2 RFyQ7/0PVIwksbf2aEwegJqXP4ywmirlxACcwgEZxUtJAl/zotHvvZICm4wv+35j 7/c7Zt7RsBmUq/hx9yIaZOipfLv8R3dPfr/mYAABoa/G1OXtniESXtqpn+6a35I1 I7aYJ8bfaPZ3R3rVd/kOmf7FSyzI6UtGK/+9gxNL5kUv0E5XGXMDfkQsbwab3v95 sAFuMUVeBBjfwrsdf0p8IOtzndQ5JB0gTcCX6BU4FgUqyyT9caBFCoiZJ4PjD1yA fXfunbiDP40iAlAkghIFi+41fatvaRBfJFnIwhdiWerLrmCtmg1A7H2bz48lR500 42SBn6ecVWb53LCaEfcG =AE4C -----END PGP SIGNATURE-----