Date: 18 April 2013
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0553
Cisco Network Admission Control Manager SQL Injection Vulnerability
18 April 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Network Admission Control Manager
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2013-1177
Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Network Admission Control Manager SQL Injection Vulnerability
Advisory ID: cisco-sa-20130417-nac
Revision 1.0
For Public Release 2013 April 17 16:00 UTC (GMT)
+------------------------------------------------------------------------------
Summary
=======
Cisco Network Admission Control (NAC) Manager contains a vulnerability that
could allow an unauthenticated remote attacker to execute arbitrary code and
take full control of the vulnerable system. A successful attack could allow an
unauthenticated attacker to access, create or modify any information in the NAC
Manager database.
Cisco has released free software updates that address this vulnerability.
There are no workarounds for this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlFu1FEACgkQUddfH3/BbTr/jwD/UmdJ5/x0iKBt+h5P7CyDoCw1
XjSDuB/0AXMfEQLCIXIA/3eqYPgDyYs6Np3C/LGVU/HPNYsC7u7HQ/bV599WGwwb
=RRHX
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUW9uKu4yVqjM2NGpAQLa5BAAld+39nYyIOdVW43O/B8dggTJSaJjc/k3
LWHeVt9rxv4IvC9loLe9ngz5vQqqfkyGZc0fgBqgVj1xwoaSzIij+hlUuCPkgJET
wmsyi8JfwL0upSeh/YVGBAZOQ+GlLzQCJGUoZTG9WvJHm/R+DHcFu9uXxoCPPGM5
z7DgpZFbR1ANB68O8fD1/mwjmrobFNToFTr7orEdjNT7v0Lczpr+xQsKfFXguRpI
gpsKKMriW+DfY9wyW6AwoY7BvM2GSnND3+RwwWCkBb4cA+KR26d8mG93q1KHbQgD
xC3xJ85BTCD7EtL5p9jgh4j9vJscJMcvSPewpFOIzdn+QIb8ze/iHvBa101JNC+2
a3Czy/PTFPHPDbUfGYMClAZQMc65wqKldBNMv03712P7F6p/Og3VIo4vcOMefGYR
HN8nq8FwRMzcYADvwK9IduFTvaJzAYSp4LTYAg2fp6SJ+zEMJJqir9FX1pyuCDnt
qLvtECdW4FsMoDbiEWjdfosUjxLmpxf+Ve41rOMzfNcGU0znLY13kmJFvrKplIBl
3qkpMIgV9VYyUj9+anxmy3xYtq+h2nF+DYx7JwEOOE4rCYtPSMaC12PJ1c4FanV0
eaB5t9srhMZj3DwGnVhhAO3lbKMmK7/BG3iyBK3s+MEj38D6V/JdX+JbDFgdp/ux
Ap15UG8lHs4=
=AwlQ
-----END PGP SIGNATURE-----
|