The Cisco Prime web interface is affected by a couple of security flaws whose successful exploitation would allow threat actors to achieve remote code execution (RCE). Cisco Prime is a network management solution that enables monitoring, optimization, and troubleshooting of wireless and wired devices.
The researcher in charge of the report, Andreas Finstad, mentions that when chained, these flaws could completely compromise the Prime server and give the attacker a reverse shell. Apparently, the flaws stem from a cross-site scripting (XSS) vector that is exploited through SNMP, a protocol used to discover devices on a network.
By abusing this feature, the researcher was able to chain other vulnerabilities, starting with a flaw in the session identification cookie stored in LocalStorage, which allowed access to the active session of the affected administrator.
Using the stolen administrator token, the researcher also tried to send commands to Prime’s management interface. Like most web applications, Prime’s management interface blocks such commands, although abusing a token-generation function eventually made it possible to evade the cross-site request forgery (CSRF) protections.
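The chain above starts with device-supplied SNMP text rendered in the administrator's browser and a session token that page script can read. The following added example, which is not code from the report or from Cisco Prime, shows the unsafe rendering pattern beside an escaped one and a session cookie that script cannot access; the function names and the `sysName`/`sysDescr` fields are assumptions, since the page does not say which SNMP value was abused.

```javascript
// Added example: hypothetical inventory UI code, not Cisco Prime's.
// sysName and sysDescr are standard SNMP system-group objects used here as
// assumptions; the page does not say which SNMP value carried the XSS.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, attribute value or entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// SNMP strings come from the device, so treat them as remote input:
// replace control characters, cap the length, and flag values carrying markup.
function normalizeSnmpString(raw, maxLen = 255) {
  const text = String(raw ?? '').replace(/[\u0000-\u001f\u007f]/g, ' ').slice(0, maxLen);
  return { text, suspicious: /[<>]/.test(text) };
}

// Vulnerable pattern: device-supplied text concatenated straight into markup.
function renderRowUnsafe(device) {
  return `<tr><td>${device.sysName}</td><td>${device.sysDescr}</td></tr>`;
}

// Hardened pattern: normalize, escape on output, and return an alert flag
// so the discovery job can log the device that sent markup.
function renderRowSafe(device) {
  const fields = ['sysName', 'sysDescr'].map((key) => normalizeSnmpString(device[key]));
  const cells = fields.map((f) => `<td>${escapeHtml(f.text)}</td>`).join('');
  return { html: `<tr>${cells}</tr>`, alert: fields.some((f) => f.suspicious) };
}

// A session token set in an HttpOnly cookie is not readable by page script,
// unlike a value kept in localStorage.
function sessionCookieHeader(token) {
  return `session=${encodeURIComponent(token)}; Path=/; Secure; HttpOnly; SameSite=Strict`;
}

// Constructed sample: a discovery response whose sysName contains markup.
const sampleDevice = {
  sysName: '<img src=x onerror=alert(1)>',
  sysDescr: 'Switch "core" & uplink',
};

const rendered = renderRowSafe(sampleDevice);
console.log(rendered.alert, rendered.html);
```

Escaping on output and keeping the token out of script-readable storage are independent controls: the first stops the injected markup from executing, the second limits what an executing script could take.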
The report notes how often similar vulnerabilities are found in web application protections: “From a security perspective, the browser is not under the control of the client, so it is better to check the security on the user side,” says the expert.
The post 2 critical vulnerabilities discovered in Cisco Prime servers appeared first on Information Security Newspaper | Hacking News.