Check: 2011-A-0148
windows 7 iavm:
2011-A-0148
(in version v1 r32)
Title
CiscoWorks Common Services Remote Code Execution Vulnerability (Cat I impact)
Discussion
Cisco has addressed a vulnerability affecting CiscoWorks Common Services for Microsoft Windows. CiscoWorks Common Services is a set of management services that are shared by network management applications in CiscoWorks. To exploit this vulnerability, a remote attacker would send malicious data to the affected system. If successfully exploited, this vulnerability would allow an authenticated remote attacker to execute arbitrary code and compromise the affected systems. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD-related incidents.

CiscoWorks Common Services Arbitrary Command Execution Vulnerability (CVE-2011-3310): The vulnerability is due to improper input validation in the CiscoWorks Home Page component. An attacker could exploit this vulnerability by sending a specially crafted URL to the affected system. An exploit could allow the attacker to execute arbitrary commands on the affected system with the privileges of a system administrator. This vulnerability affects CiscoWorks Common Services running only on Microsoft Windows. This vulnerability could be exploited over the default management ports, TCP port 1741 or 443. Note: The default management ports can be reconfigured on the server.

This vulnerability is documented in Cisco bug IDs CSCtq48990 (registered customers only) for Common Services and CiscoWorks LAN Management Solution, CSCtq63992 (registered customers only) for Cisco Security Manager, CSCtq64011 (registered customers only) for Cisco Unified Service Monitor, CSCtq64019 (registered customers only) for Cisco Unified Operations Manager, CSCtr23090 (registered customers only) for CiscoWorks QoS Policy Manager, and CSCtt25535 (registered customers only) for CiscoWorks Voice Manager.
Check Content
See IAVM notice and vendor bulletin for additional information.

Vulnerable Applications/Systems: All versions of CiscoWorks Common Services-based products running on Microsoft Windows (listed in charts below).

Note: Common Services version 4.1 and later are not affected by this vulnerability.

Check the application's version number by using the Help, About menu. Alternatively, check the version through the Support information link for the program in Add or Remove Programs or in Programs and Features (Vista forward). To expose the Version column in Programs and Features, right-click somewhere in the column headers, select More, and select Version.
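The same version check can be scripted by reading the registry Uninstall keys that feed Programs and Features. The following is an added example, not part of the IAVM check or vendor guidance; the DisplayName pattern and the function name Get-CommonServicesFinding are assumptions, and it is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example. Assumption: $NamePattern is a guess at the DisplayName shown
# in Programs and Features; adjust it to the entry on the audited host.
param(
    [string]$NamePattern = '*Common Services*',
    [version]$FirstUnaffected = '4.1'  # per the check: 4.1 and later not affected
)

# Programs and Features reads these Uninstall keys; the Wow6432Node path
# covers 32-bit installers on 64-bit Windows.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-CommonServicesFinding {
    param([string]$Pattern, [version]$Threshold)

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        ForEach-Object {
            # Default when DisplayVersion is missing or not numeric.
            $status = 'Review manually'
            if ($_.DisplayVersion -match '^\s*(\d+)(?:\.(\d+))?') {
                # Compare on major.minor only, so "4.0.5" counts as 4.0.
                $minor = 0
                if ($Matches[2]) { $minor = [int]$Matches[2] }
                $installed = New-Object System.Version -ArgumentList ([int]$Matches[1]), $minor
                if ($installed -lt $Threshold) { $status = 'Open' }
                else { $status = 'Not a Finding' }
            }
            New-Object PSObject -Property @{
                DisplayName    = $_.DisplayName
                DisplayVersion = $_.DisplayVersion
                Status         = $status
            }
        }
}

$findings = @(Get-CommonServicesFinding -Pattern $NamePattern -Threshold $FirstUnaffected)
if ($findings.Count -eq 0) {
    Write-Output "No entry matching '$NamePattern' found; product not listed."
} else {
    $findings | Format-Table DisplayName, DisplayVersion, Status -AutoSize
}
```

The 4.1 threshold is the Common Services version from the note above, so point the pattern at the Common Services entry rather than at a product built on it.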
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-30544
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |