Cisco Prime Data Center Network Manager JBoss RMI Services Let Remote Users Execute Arbitrary Commands
All Cisco Prime Data Center Network Manager releases prior to release 6.1(1), for both the Microsoft Windows and Linux platforms, are affected by this vulnerability.
A vulnerability was reported in Cisco Prime Data Center Network Manager.
The vulnerability exists because JBoss Application Server Remote Method Invocation (RMI) services, specifically the jboss.system:service=MainDeployer functionality, are exposed to unauthorized users. An unauthenticated, remote attacker could exploit this vulnerability by sending arbitrary commands via RMI services. An exploit could allow the attacker to execute arbitrary commands on the device.
Commands are executed in the context of the System user for Cisco Prime DCNM running on Microsoft Windows or the root user for Cisco Prime DCNM running on Linux.
Cisco Prime DCNM uses TCP port 1099 or 9099, depending on the Cisco Prime DCNM version, for the RMI registry function. An RMI transaction always starts with a TCP connection to the RMI registry port.
Successful exploitation of the vulnerability may allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system that hosts the Cisco Prime DCNM application in the context of the System user for Cisco Prime DCNM running on Microsoft Windows) or the root user for Cisco Prime DCNM running on Linux.
Cisco has released free software updates that address the vulnerability described in this advisory. Prior to deploying software, customers are advised to consult their maintenance providers or check the software for feature set compatibility and known issues that are specific to their environments.