U-015: CiscoWorks Common Services Home Page Input Validation Flaw Lets Remote Users Execute Arbitrary Commands

October 20, 2011 - 7:30am

PROBLEM:

CiscoWorks Common Services Home Page Input Validation Flaw Lets Remote Users Execute Arbitrary Commands.

PLATFORM:

CiscoWorks Common Services-based products prior to version 4.1 running on Microsoft Windows

ABSTRACT:

Successful exploitation of this vulnerability may allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.

REFERENCE LINKS:

Cisco Security Advisory ID: cisco-sa-20111019-cs
Cisco Security Advisories and Responses
SecurityTracker Alert ID: 1026226
CVE-2011-3310

IMPACT ASSESSMENT:

High

Discussion:

A vulnerability was reported in CiscoWorks Common Services. A remote user can submit a specially crafted URL via TCP port 443 or 1741 to execute arbitrary commands on the target system. The commands will run with system administrator privileges.

Impact:

Successful exploitation of this vulnerability may allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.

Solution:

The vendor has issued a fix (Common Services version 4.1).
Cisco Customer Log In
Support and Downloads