cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
368
Views
0
Helpful
1
Replies
Enthusiast

CSCvk30822 - Cisco Prime License Manager SQL Injection Vulnerability

Hello,

 

While reading the Readme for the COP file to address the vulnerability CSCvk30822 related to PLM server. https://www.cisco.com/web/software/284832458/133825/ciscocm.CSCvk30822_v1.0.k3.cop.sgn.Readme-Rev2.pdf

to address this vulnerability, it says that 

 

**Warning – Installing this COP will disable some functionality**

 

Installing this COP file will disable the Backup, Restore, and Install/Upgrade functionality in standalone PLM deployments. If you install this COP to remediate CVE-2018-15441, you must install the ciscocm.CSCvk30822_v2.0.k3.cop.sgn COP to restore that functionality. The ciscocm.CSCvk30822_v2.0.k3.cop.sgn COP file will be released on or about the week of December 17.

However, the V2 COP file is still unavailable. Anyone has the luck to receive this COP file or if someone could publish this  ciscocm.CSCvk30822_v2.0.k3.cop.sgn COP file?

 

This vulnerability looks to be resolved in ELM.11.5(1.16001.2). However, this upgrade file is unavailable via Software Downloads Page. 

 

In short, it would be great if someone could publish the V2 COP file, as I have already installed the  ciscocm.CSCvk30822_v1.0.k3.cop.sgn file on the Standalone PLM. Or is it too early to ask for.

 

Cheers,

Amit

 

Everyone's tags (4)
1 REPLY 1
Highlighted
Beginner

Re: CSCvk30822 - Cisco Prime License Manager SQL Injection Vulnerability

For anyone still searching for this, I found it here.  Released Dec 19, 2018.

software.cisco.com/download/redirect?i=!s&imageGuId=DF7395294C98BAD9A377F209E4C6F50A1C5856A5

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here