Cisco Content Services Switch User Privilege Elevation Vulnerability

The Cisco Content Services (CSS) switch is an Enterprise-level utility by Cisco Systems. The CSS switch is a Layer 5 and 7 aware switch capable of providing a high performance frontend to web server farms and caches.

A problem with the CSS switch firmware allows some users to change configuration of the switch. A bug introduced in the last revision of the WebNS software that could allow users with unprivileged accounts on the switch to gain elevated privileges through local commands on the switch. Upon taking advantage of this vulnerability, the user could change the configuration of the switch.

Therefore, it is possible for a user with unprivileged access on the switch to gain elevated privileges, and potentially change configuration of the switch.


 

Privacy Statement
Copyright 2010, SecurityFocus