U-084: Cisco Digital Media Manager Lets Remote Authenticated Users Gain Elevated Privileges

January 19, 2012 - 9:00am

PROBLEM:

A remote authenticated user can gain elevated privileges on the target system.

PLATFORM:

Cisco Digital Media Manager: Version(s) 5.22 and prior, 5.2.3

ABSTRACT:

The system does not properly validate unreferenced URLs.

REFERENCE LINKS:

Vendor Advisory
SecurityTracker Alert ID: 1026541
CVE-2012-0329

IMPACT ASSESSMENT:

medium

Discussion:

Cisco Show and Share is not directly affected by this vulnerability, but a user can exploit the Cisco Digital Media Manager to gain full access to Cisco Show and Share.

Impact:

A remote authenticated user can send a specially crafted URL via TCP port 8443 to access administrative resources and gain administrative privileges.

Solution:

Cisco has released free software updates that address this vulnerability.