-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Prime LAN Management Solution Command Execution Vulnerability Advisory ID: cisco-sa-20130109-lms Revision 1.0 For Public Release 2013 January 9 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the root user. The vulnerability is due to improper validation of authentication and authorization commands sent to certain TCP ports. An attacker could exploit this vulnerability by connecting to the affected system and sending arbitrary commands. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlDti54ACgkQUddfH3/BbTqTaAEAgJlOLDYzxJMrZGkZhGJxVAEb 8y77RwMX1kn5koY3xXQA/ArQ+4cfPs6cexCLxCwSHqeOjWuN1o41C3X6bXrACK8F =Ixht -----END PGP SIGNATURE-----