Cisco is warning its customers about a remote command execution vulnerability in its Cisco Prime Data Center Network Manager. The product manages Ethernet and storage networks and troubleshoots performance issues on Cisco products running NX-OS software. Versions prior to 6.1.1 are vulnerable to remote exploits on the underlying system that hosts the application, Cisco said.
An attacker could send arbitrary commands via the JBoss Application Server Remote Method Invocation (RMI) service, which is exposed to unauthenticated users. Cisco said no exploits are in the wild, but there is a Metasploit module that would exploit the JBoss configuration in question.
Users are urged to upgrade to release 6.1.1. In the meantime, allowing only legitimate devices to connect to the RMI registry port (either TCP 1099 or 9099) will serve as a workaround.
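As an added illustration of the port-restriction workaround (not from the advisory or Cisco tooling), the following Python audits constructed flow records for permitted connections to the RMI registry ports from outside a hypothetical management allowlist, and emits the matching host-firewall rules; the log format, the allowlist subnet and the host addresses are assumptions.

```python
import ipaddress
from typing import Iterable

# Ports the advisory names for the JBoss RMI registry on DCNM.
RMI_REGISTRY_PORTS = {1099, 9099}

# Hypothetical management subnet allowed to reach the RMI registry.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample flow records: "<src_ip> <dst_ip> <dst_port> <action>".
SAMPLE_FLOWS = """\
10.20.0.15 10.1.1.5 1099 allow
192.0.2.44 10.1.1.5 1099 allow
198.51.100.7 10.1.1.5 9099 allow
10.20.0.15 10.1.1.5 443 allow
192.0.2.44 10.1.1.5 9099 deny
"""


def is_allowed_source(ip: str) -> bool:
    """True if the source address falls inside the management allowlist."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # an unparseable source is never trusted
    return any(addr in net for net in ALLOWED_SOURCES)


def find_unauthorized_rmi_flows(lines: Iterable[str]) -> list:
    """Return permitted flows to an RMI registry port from outside the allowlist."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed records
        src, dst, port, action = parts
        if int(port) in RMI_REGISTRY_PORTS and action == "allow" and not is_allowed_source(src):
            findings.append((src, dst, int(port)))
    return findings


def rmi_iptables_rules() -> list:
    """Host-firewall rules enforcing the workaround: allowlisted sources first, then drop."""
    ports = ",".join(str(p) for p in sorted(RMI_REGISTRY_PORTS))
    rules = [f"iptables -A INPUT -p tcp -m multiport --dports {ports} -s {net} -j ACCEPT"
             for net in ALLOWED_SOURCES]
    rules.append(f"iptables -A INPUT -p tcp -m multiport --dports {ports} -j DROP")
    return rules


if __name__ == "__main__":
    for src, dst, port in find_unauthorized_rmi_flows(SAMPLE_FLOWS.splitlines()):
        print(f"unauthorized RMI access: {src} -> {dst}:{port}")
    print("\n".join(rmi_iptables_rules()))
```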
Cisco is also reporting a SQL injection and buffer overrun vulnerability in its Cisco Unified MeetingPlace Web Conferencing product. Attackers can use a SQL injection to create, delete or alter information in the product’s database. Exploiting the buffer overrun flaw could crash the server hosting the product.
Versions prior to and including 7.0 are vulnerable, as well as 7.1, 8.0 and 8.5.
Updates have been released that address these two vulnerabilities. No workarounds are available, Cisco said.