Guest

Preview Tool

Cisco Bug: CSCuw21825 - Cisco Prime Network Registrar Privilege Escalation Vulnerability

Last Modified

Nov 15, 2016

Products (1)

  • Cisco Network Registrar

Known Affected Releases

8.1(3.3) 8.2(3) 8.3(2)

Description (partial)

Symptom:
A vulnerability in the default configuration of the Cisco Prime Network
Registrar (CPNR) virtual appliance (OVA) which could allow an authenticated,
local attacker to gain root privileges.

The vulnerability is due to an insecure default account present on the
affected device. A local attacker could exploit the vulnerability by using
the insecure default account to gain additional privileges on the affected
device. If successful, the attacker could gain root privileges and possibly
compromise the affected device.

Conditions:
Device running with default configuration running an affected version of software.  
This only occurs on a CPNR OVA running CentOS 6.5.  It does not appear in any software 
installation of the CPNR application product.  It only appears when the virtual appliance (OVA)
which contains the CPNR application is deployed to a VMware ESXi hypervisor.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.