Cisco Primes bug-fixes

Cisco Prime network management users have a bunch of patches to implement, covering both local and remote vulnerabilities.

All the bugs are in the Cisco Prime Network Analysis module.

Probably the most critical is this one. Improper input validation in the software lets an attacker send a crafted HTTP request to the target, which “could allow the attacker to execute arbitrary commands or code on the underlying operating system with the reduced privileges of the web server.”

Next is an IPv6 denial-of-service vulnerability in the network analysis module.

The module has a bug in how it calculates IPv6 payload length, so a crafted packet can DoS the software.

There's also a command injection vulnerability that lets a local user escalate their privilege to root; and a remote code execution vulnerability that's only exploitable by an authenticated user. ®