PROBLEM:
CiscoWorks Common Services Home Page Input Validation Flaw Lets Remote Users Execute Arbitrary Commands.
PLATFORM:
CiscoWorks Common Services-based products prior to version 4.1 running on Microsoft Windows
ABSTRACT:
Successful exploitation of this vulnerability may allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.
REFERENCE LINKS:
Cisco Security Advisory ID: cisco-sa-20111019-cs
Cisco Security Advisories and Responses
SecurityTracker Alert ID: 1026226
CVE-2011-3310
IMPACT ASSESSMENT:
High
Discussion:
A vulnerability was reported in CiscoWorks Common Services. A remote user can submit a specially crafted URL via TCP port 443 or 1741 to execute arbitrary commands on the target system. The commands will run with system administrator privileges.
Impact:
Successful exploitation of this vulnerability may allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.
Solution:
The vendor has issued a fix (Common Services version 4.1).
Cisco Customer Log In
Support and Downloads
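
Added example (not part of the original bulletin or Cisco's advisory): triage of an asset inventory against the criteria stated above, flagging Windows hosts running Common Services earlier than 4.1, with an optional check of whether TCP 443 or 1741 answers from where the script runs. The inventory layout, hostnames and function names are assumptions constructed for illustration.

```python
import csv
import io
import socket

FIXED_VERSION = (4, 1)      # bulletin: the fix is Common Services version 4.1
MGMT_PORTS = (443, 1741)    # bulletin: ports that accept the crafted URL

# Constructed sample inventory; hosts and versions are invented for illustration.
SAMPLE_INVENTORY = """host,os,common_services_version
lms-core.example.net,Windows Server 2008 R2,4.0.1
lms-lab.example.net,Solaris 10,3.3
lms-dr.example.net,Windows Server 2003,4.1
lms-old.example.net,windows server 2003,3.0.6
"""

def parse_version(text):
    """Turn '4.0.1' into (4, 0, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(os_name, version):
    """Affected per the bulletin: Windows host with Common Services < 4.1."""
    if "windows" not in os_name.lower():
        return False
    return parse_version(version) < FIXED_VERSION

def open_ports(host, ports=MGMT_PORTS, timeout=2.0):
    """Return the management ports on host that accept a TCP connection."""
    reachable = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                reachable.append(port)
        except OSError:     # refused, timed out, or name did not resolve
            pass
    return reachable

def triage(inventory_csv, probe=None):
    """Return [(host, version, reachable_ports)] for affected hosts."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if is_affected(row["os"], row["common_services_version"]):
            ports = probe(row["host"]) if probe else []
            findings.append((row["host"], row["common_services_version"], ports))
    return findings

if __name__ == "__main__":
    for host, version, ports in triage(SAMPLE_INVENTORY):
        print(f"{host}: Common Services {version} is below 4.1, upgrade required")
```

Pass `probe=open_ports` to `triage` to record which of the two ports are reachable from the scanning host; run it from the network segment whose exposure you want to measure.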