Cisco suffers from privilege escalation and remote SQL injection vulnerabilities.
25407353caf6aca542808b9d27be690ffb02e2d5aac3225f07064d6caa0b06ddHi
Advisory by Cisco was published a few days ago (Bugtraq ID: 48810).
Now more details:
1. Unathenticated access to web management (any user - including admin).
Due to blind SQLi in the login form of web management (port 443, https,
login field, embedded sqlite DB), there is possible to obtain:
a) all logins
b) all passwords (which are kept in the DB in plaintext)
c) other data stored in internal DB
2. Privilege escalation to OS root level.
Having access to any user on the target system (including guest user),
it is possible to get full OS root access by injection in ping/traceroute/dns lookup
functionalities.
User interface prohibits such injections, but viewing / modifying http
requests in raw form allows to bypass that restriction.
More datailed information - including screenshots:
http://www.securitum.pl/dh/cisco_sa500_hacking
--
Michal Sajdak, Securitum
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed