04-18-2016 07:17 AM - edited 03-20-2019 08:54 PM
Hi Community!
I need your help about a case impacting Cisco Prime LMS.
A few weeks ago, a vulnerability was published => https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms
On the main page we can see "All versions are impacted". But on BugID CSCuw85390 we can see only one version as a known impacted version: 4.2(5).
Does anyone have information about this case? Are earlier versions vulnerable, or is 4.2(5) the only one?
Thanks for your help guys!
04-19-2016 09:22 AM
Hi there,
Many times, for a case like this, Cisco will only list one affected version, but further up in the actual Bug notes you see this:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw85390
Symptom:
A vulnerability in Cisco Prime LMS could allow an authenticated, local attacker to decrypt and access data fields in the LMS database used to manage Cisco networks.
The vulnerability is due to the presence of a default database decryption key that is shared across all the installations of Cisco Prime LMS. A locally authenticated attacker could exploit this vulnerability by obtaining the hard-coded key and using it to connect and decrypt all the data in the LMS database.
Conditions:
An attacker has to have a valid account on the operating system of the device on which LMS is installed and be locally connected to its console in order to obtain a default hard-coded key. This account does not have to have admin or root privileges.
By extracting a default, hard-coded key from the device file system, an attacker can further use the key to decrypt and access all the fields in the LMS database used to manage devices in the Cisco network.
Once obtained, the key can be used to access the database either locally or via remote connection to the LMS.
All versions of Cisco Prime LMS are affected by this.
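To make the bug note concrete, here is an added toy model (not part of this thread and not Cisco's code) of why one key shared by every installation is the problem, and what a per-installation key changes. The cipher is a SHA-256 keystream with an HMAC tag standing in for whatever LMS actually uses, and the default key, installation names and field values are all constructed; the `uses_default_key` audit check compares a key fingerprint rather than the key bytes, which is how a defender would inventory installations still on the vendor default without copying the key around.

```python
"""Toy model: a hard-coded database key shared across installs vs. a per-install key.

Constructed example. The cipher (SHA-256 keystream + HMAC tag) is a stand-in,
and every key, installation name and field value below is made up.
"""
import hashlib
import hmac
import secrets

# Stand-in for a vendor-wide default key baked into every install (constructed value).
DEFAULT_KEY = b"constructed-default-key-shared-by-every-install"
DEFAULT_KEY_FINGERPRINT = hashlib.sha256(DEFAULT_KEY).hexdigest()
NONCE_LEN = 12
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from SHA-256 (toy; not for production use)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_field(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_field(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting, so a wrong key raises instead of returning garbage."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: wrong key or tampered field")
    nonce, ct = body[:NONCE_LEN], body[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Installation:
    """One LMS-like install: a name, its database key, and its encrypted fields."""

    def __init__(self, name: str, key: bytes) -> None:
        self.name = name
        self.key = key
        self.fields: dict[str, bytes] = {}

    def store(self, field: str, value: str) -> None:
        self.fields[field] = encrypt_field(self.key, value.encode())

    def load(self, field: str) -> str:
        return decrypt_field(self.key, self.fields[field]).decode()


def new_per_install_key() -> bytes:
    """The mitigation: a random key generated at install time, unique to each system."""
    return secrets.token_bytes(32)


def readable_with(key: bytes, installs: list) -> list:
    """Names of installations whose stored fields the given key decrypts.

    With a shared default key, the key recovered from any one box opens all of them.
    """
    opened = []
    for inst in installs:
        try:
            for blob in inst.fields.values():
                decrypt_field(key, blob)
            opened.append(inst.name)
        except ValueError:
            pass
    return opened


def uses_default_key(inst: Installation) -> bool:
    """Audit check: compare a key fingerprint, never the key bytes, against the known default."""
    return hashlib.sha256(inst.key).hexdigest() == DEFAULT_KEY_FINGERPRINT


def build_demo() -> list:
    """Two installs still on the shared default key, one rekeyed per install (constructed data)."""
    site_a = Installation("lms-site-a", DEFAULT_KEY)
    site_b = Installation("lms-site-b", DEFAULT_KEY)
    site_c = Installation("lms-site-c", new_per_install_key())
    for inst in (site_a, site_b, site_c):
        inst.store("device_hostname", f"constructed-host-{inst.name}")
        inst.store("device_credential", f"constructed-credential-{inst.name}")
    return [site_a, site_b, site_c]


if __name__ == "__main__":
    installs = build_demo()
    print("default key decrypts:", readable_with(DEFAULT_KEY, installs))
    print("still on default key:", [i.name for i in installs if uses_default_key(i)])
```

Running it shows the two sites that kept the default key are both readable with that single key, while the rekeyed site is readable only with its own key; the fingerprint check is the inventory step you would run across a fleet to find installs that still need rekeying.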
04-19-2016 09:47 AM
Hi Rob,
Thanks for your quick reply.
So if I understand, Cisco means in the BugID that all versions up to and including 4.2(5) are affected.
Is it not possible for Cisco to select "All versions" in "Known Affected Releases"?
Thanks Rob.