Cisco/Protego CS-MARS remote command execution and system compromise exploit that makes use of an insecure JBoss installation in CS-MARS versions below 4.2.1.
54fe66cacd7116d763993ab2281815e624610e13a10347c112c62d30699df620
Cisco Security Advisory - Cisco Security Monitoring, Analysis and Response System (CS-MARS) software contains vulnerabilities related to third-party software and the command line interface (CLI). CS-MARS ships with an Oracle database. The database contains several default Oracle accounts which have well-known passwords. If access to the database is obtained, the default accounts may be used to access sensitive information contained in the database. CS-MARS ships with the JBoss web application server. A component of the JBoss installation may allow a remote, unauthenticated user to execute arbitrary shell commands with the privileges of the CS-MARS administrator. The CS-MARS CLI contains several vulnerabilities which may allow authenticated administrators to execute arbitrary shell commands with root privileges. All vulnerabilities addressed in this advisory have been corrected in CS-MARS software version 4.2.1.
6d8365bbd3df900adf1c27abe88979a9285dccdcd49ddb8df480d3c4b145d83c