PROBLEM:
A remote authenticated user can gain elevated privileges on the target system.
PLATFORM:
Cisco Digital Media Manager: Version(s) 5.22 and prior, 5.2.3
ABSTRACT:
The system does not properly validate unreferenced URLs.
REFERENCE LINKS:
Vendor Advisory
SecurityTracker Alert ID: 1026541
CVE-2012-0329
IMPACT ASSESSMENT:
medium
Discussion:
Cisco Show and Share is not directly affected by this vulnerability, but a user can exploit the Cisco Digital Media Manager to gain full access to Cisco Show and Share.
Impact:
A remote authenticated user can send a specially crafted URL via TCP port 8443 to access administrative resources and gain administrative privileges.
Solution:
Cisco has released free software updates that address this vulnerability.