Cisco is warning its customers about a remote command execution vulnerability in its Cisco Prime Data Center Network Manager. The product manages Ethernet and storage networks and troubleshoots for performance issues on Cisco products running NX-OS software. Versions prior to 6.1.1 are vulnerable to remote exploits on the underlying system that hosts the application, Cisco said.
An attacker could send abitrary commands via the JBoss Application Server Remote Method Invocation (RMI) service, which is exposed to unauthenticated users. Cisco said no exploits are in the wild, but there is a Metasploit module that would exploit the JBoss configuration in question.
More at Cisco Patches Vulnerabilities in Data Center and Web Conferencing Products - Threatpost (blog)
No comments:
Post a Comment