发布日期：2013-01-09
更新日期：2013-01-10

受影响系统：

Cisco Prime LAN Management Solution 4.2.2
Cisco Prime LAN Management Solution 4.2.1
Cisco Prime LAN Management Solution 4.2
Cisco Prime LAN Management Solution 4.1
Cisco Prime LAN Management Solution

不受影响系统：

Cisco Prime LAN Management Solution 4.2.3

描述：

---

BUGTRAQ  ID: 57221
CVE(CAN) ID: CVE-2012-6392

CiscoWorks LAN Management Solution (LMS)是一套局域网管理套装，可简化配置、管理、监控和维护思科网络。

Cisco Prime LAN Management Solution (LMS) Virtual Appliance在实现上存在一个任意命令执行漏洞，此漏洞源于不正确验证发送到某TCP端口的身份认证和授权命令。一个未认证的攻击者可通过连接到受影响系统并发送任意命令利用此漏洞。仅Linux平台上的设备受到影响。

<*来源：vendor
  
  链接：http://seclists.org/fulldisclosure/2013/Jan/42?utm_source=twitterfeed&utm_medium=twitter
        http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-20130109-lms）以及相应补丁:

cisco-sa-20130109-lms：Cisco Prime LAN Management Solution Command Execution Vulnerability

链接：http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms

浏览次数：4705
严重程度：0（网友投票）