PRIME LMS CSCuw85390 - 4.2(5) only or all versions ?

fboissellexsi
Level 1

Hi Community!

I need your help about a case impacting Cisco Prime LMS.

A few weeks ago, a vulnerability was published => https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms

On the main page we can see "All versions are impacted". But on Bug ID CSCuw85390 we can see only one version as a known impacted version: 4.2(5).

Does anyone have information about this case? Are earlier versions vulnerable, or is 4.2(5) the only one?

Thanks for your help, guys!

2 Replies

Rob Huffman
Hall of Fame

Hi there,

Many times, for a case like this, Cisco will only list one affected version, but further up in the actual Bug notes you see this:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw85390

Symptom:
A vulnerability in Cisco Prime LMS could allow an authenticated, local attacker to decrypt and access data fields in the LMS database used to manage Cisco networks.

The vulnerability is due to the presence of a default database decryption key that is shared across all the installations of Cisco Prime LMS. A locally authenticated attacker could exploit this vulnerability by obtaining the hard-coded key and using it to connect and decrypt all the data in the LMS database.

Conditions:
An attacker has to have a valid account on the operating system of the device on which LMS is installed and be locally connected to its console in order to obtain a default hard-coded key. This account does not have to have admin or root privileges.
By extracting a default, hard-coded key from the device file system, an attacker can further use the key to decrypt and access all the fields in the LMS database used to manage devices in the Cisco network.
Once obtained, the key can be used to access the database either locally or via remote connection to the LMS.

All versions of Cisco Prime LMS are affected by this.
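The bug note quoted above turns on one design choice: the database decryption key is the same on every installation and sits on the file system where a non-root local account can read it, so a key read off one box unlocks the database on any other. The Python below is an added example, not Cisco code and not a description of how Prime LMS stores or uses its key. It simulates two installations of a hypothetical product and shows that with a vendor-wide default key (a constructed value here) install B's key decrypts install A's data, while a key generated per installation at install time and written mode 0600 does not. The toy SHA-256 keystream cipher, the file name `db.key`, and the sample SNMP field are all assumptions made for the illustration.

```python
"""Shared default key versus per-installation key (illustrative, not Cisco Prime LMS code)."""
import hashlib
import hmac
import os
import secrets
import stat
import tempfile
from pathlib import Path
from typing import Optional

# Hypothetical vendor-wide default key baked into every install (constructed value).
# Anyone who reads it from one installation's file system holds it for all of them.
SHARED_DEFAULT_KEY = b"vendor-default-db-key-2016"

NONCE_LEN = 16   # bytes of per-field nonce
TAG_LEN = 32     # bytes of HMAC-SHA256 tag


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream SHA-256(key || nonce || counter); stands in for the product's
    real field cipher. The example is about key handling, not cipher choice."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest())
        counter += 1
    return bytes(out[:length])


def encrypt_field(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one database field as nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_field(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when this key does not authenticate the blob."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def provision_install_key(install_dir: Path) -> bytes:
    """Hardened pattern: a fresh random key generated at install time, created with
    O_EXCL so an existing file is never silently reused, and mode 0600 so only the
    service account (not every local user) can read it."""
    key = secrets.token_bytes(32)
    fd = os.open(install_dir / "db.key", os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(key)
    return key


def key_file_is_private(key_path: Path) -> bool:
    """Operator check: the key file must carry no group or other permission bits."""
    mode = stat.S_IMODE(key_path.stat().st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def provisioned_key_is_private() -> bool:
    """Provision a key in a scratch directory and run the permission check on it."""
    with tempfile.TemporaryDirectory() as tmp:
        provision_install_key(Path(tmp))
        return key_file_is_private(Path(tmp) / "db.key")


def cross_install_decrypt(use_shared_default: bool) -> bool:
    """Simulate installations A and B. True means B's key decrypts a field that A
    encrypted, i.e. the key extracted from one box compromises another box's data."""
    with tempfile.TemporaryDirectory() as tmp:
        a_dir, b_dir = Path(tmp, "a"), Path(tmp, "b")
        a_dir.mkdir()
        b_dir.mkdir()
        if use_shared_default:
            key_a = key_b = SHARED_DEFAULT_KEY
        else:
            key_a, key_b = provision_install_key(a_dir), provision_install_key(b_dir)
        blob_from_a = encrypt_field(key_a, b"snmp-community=s3cr3t")  # constructed sample field
        return decrypt_field(key_b, blob_from_a) is not None


if __name__ == "__main__":
    print("shared default key, B decrypts A's field:", cross_install_decrypt(True))
    print("per-install keys,   B decrypts A's field:", cross_install_decrypt(False))
    print("per-install key file is 0600:", provisioned_key_is_private())
```

The permission check only narrows the attacker to the service account; the structural fix in the second path is that each installation's key is unique, so reading it off one system (the condition in the bug note) yields nothing usable against any other system.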

Hi Rob,

Thanks for your quick reply.

So if I understand correctly, Cisco means in the Bug ID that all versions up to and including 4.2(5) are affected.

Is it not possible for Cisco to select "All versions" in "Known Affected Releases"?

Thanks Rob.