You are here

T-560: Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability

February 18, 2011 - 7:00am

Addthis

PROBLEM:

Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability.

PLATFORM:

Cisco Security Agent software releases 5.1, 5.2, and 6.0 are affected by this vulnerability.

Note: Only the Management Center for Cisco Security Agent is affected by this vulnerability. Cisco Security Agent installations on end-point workstations or servers are not affected by this vulnerability.

ABSTRACT:

The Management Center for Cisco Security Agent is affected by a vulnerability that may allow an unauthenticated attacker to perform remote code execution on the affected device.

reference LINKS:

Advisory ID: cisco-sa-20110216-csa
SecurityTracker Alert ID:1025088
CVE-2011-0364
Cisco Security Advisories

IMPACT ASSESSMENT:

High

Discussion:

Cisco Security Agent provides threat protection for server and desktop computing systems. Cisco Security Agent can function in a standalone manner or can be managed by the Management Center for Cisco Security Agent.

Successful exploitation of the vulnerability could allow an unauthenticated attacker to perform remote code execution on the affected device and to perform agent policy modification, system configuration, and other administrative tasks.

The Management Center for Cisco Security Agent is affected by a vulnerability that could allow an unauthenticated attacker to perform remote code execution on the affected device. A successful exploit could allow the attacker to modify agent policies and system configuration and perform other administrative tasks.

Note: This vulnerability can be exploited only by sending certain packets to the web management interface, which by default listens on TCP port 443

Solution:

Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

Workarounds: Complete the following steps to deploy this policy for the Cisco Security Agent running on the Management Center for Cisco Security Agent server.
Create a New Application Class

- Cisco Downloads
Cisco Download Software

 

Addthis