-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Directory Connector Search Order Hijacking Vulnerability
Advisory ID: cisco-sa-20190417-cdc-hijack
Revision: 1.0
For Public Release: 2019 April 17 16:00 GMT
Last Updated: 2019 April 17 16:00 GMT
CVE ID(s): CVE-2019-1794
CVSS Score v(3): 5.1 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing.
The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources.
There are workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
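
A defender's check for the condition described in the summary, as an added example (not Cisco's code and not part of the advisory): it walks an ordered search path the way a loader would and reports any resource whose first match lies outside the install directory. The directory layout and file names are constructed; the advisory does not say which search path or resources are involved.

```python
import os
import tempfile

def resolve(name, search_path):
    """Return every directory in search_path holding `name`, in search order.
    The first entry is the copy a loader using this order would pick."""
    hits = []
    for d in search_path:
        try:
            entries = os.listdir(d)
        except OSError:
            continue  # missing or unreadable entry: nothing to match here
        # Windows file names are case-insensitive, so compare folded names.
        if any(e.lower() == name.lower() for e in entries):
            hits.append(d)
    return hits

def audit(names, search_path, trusted_dir):
    """Report (name, directory) for resources whose first match is not trusted_dir."""
    findings = []
    trusted = os.path.normcase(os.path.realpath(trusted_dir))
    for name in names:
        hits = resolve(name, search_path)
        if hits and os.path.normcase(os.path.realpath(hits[0])) != trusted:
            findings.append((name, hits[0]))
    return findings

def demo():
    # Constructed layout: "app" stands in for the install directory,
    # "early" for a directory listed ahead of it in the search path.
    with tempfile.TemporaryDirectory() as root:
        early = os.path.join(root, "early")
        app = os.path.join(root, "app")
        os.mkdir(early)
        os.mkdir(app)
        for f in ("helper.dll", "config.dll"):  # hypothetical resource names
            open(os.path.join(app, f), "w").close()
        open(os.path.join(early, "HELPER.DLL"), "w").close()  # shadowing copy
        found = audit(["helper.dll", "config.dll"], [early, app], app)
        return [(n, os.path.basename(d)) for n, d in found]

if __name__ == "__main__":
    for name, where in demo():
        print(f"{name}: first match is in '{where}', not the install directory")
```
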
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com