{"vuid":"VU#300820","idnumber":"300820","name":"Cisco Prime Infrastructure contains SUID root binaries","keywords":["suid","cisco"],"overview":"The Cisco Prime Infrastructure version 2.2 contains two binaries with SUID root world-executable privileges, allowing any local user to execute arbitrary commands as root.","clean_desc":"CWE-276: Incorrect Default Permissions Two binaries are included in Cisco Prime version 2.2 that run as SUID root with world-executable privileges. The commands are /opt/CSCOlumos/bin/runShellCommand\n/opt/CSCOlumos/bin/runShellAsRoot These commands may be used to run arbitrary commands as root by any local user. According to Cisco, the default installation does not create any regular users, and Cisco does not support or recommend creating regular users or utilizing the command line shell for administration. Cisco has provided more information in a security advisory (customer user account required to view).","impact":"A remote authenticated user may escalate privileges to root and execute arbitrary commands.","resolution":"Apply an update Cisco has released an update to address this issue. For more information on the update, please see Cisco's security advisory (customer user account required to view). Affected users should update as soon as possible. You may also consider the following workaround:","workarounds":"Restrict executable permissions According to the reporter, affected users may remove the world-executable permissions on runShellCommand and runShellAsRoot to disallow any local account from utilizing these binaries.","sysaffected":"","thanks":"Thanks to Jeremy Brown for reporting this issue.","author":"This document was written by Garret Wassermann.","public":["https://tools.cisco.com/bugsearch/bug/CSCut39938","https://tools.cisco.com/quickview/bug/CSCut39938"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-03-10T14:15:46Z","publicdate":"2015-07-31T00:00:00Z","datefirstpublished":"2015-08-17T19:26:09Z","dateupdated":"2015-08-17T19:26:09Z","revision":57,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"W","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9","cvss_basevector":"AV:N/AC:L/Au:S/C:C/I:C/A:C","cvss_temporalscore":"8.5","cvss_environmentalscore":"6.43574232","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}