Cisco Bug: CSCuw21825 - Cisco Prime Network Registrar Privilege Escalation Vulnerability
Nov 15, 2016
- Cisco Network Registrar
Known Affected Releases
8.1(3.3) 8.2(3) 8.3(2)
Symptom: A vulnerability in the default configuration of the Cisco Prime Network Registrar (CPNR) virtual appliance (OVA) which could allow an authenticated, local attacker to gain root privileges. The vulnerability is due to an insecure default account present on the affected device. A local attacker could exploit the vulnerability by using the insecure default account to gain additional privileges on the affected device. If successful, the attacker could gain root privileges and possibly compromise the affected device. Conditions: Device running with default configuration running an affected version of software. This only occurs on a CPNR OVA running CentOS 6.5. It does not appear in any software installation of the CPNR application product. It only appears when the virtual appliance (OVA) which contains the CPNR application is deployed to a VMware ESXi hypervisor.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases