Title

CiscoWorks Remote Code Execution Vulnerability (Cat I impact)

Discussion

Cisco has addressed a vulnerability affecting Ciscoworks Internetwork Performance Monitor (IPM) for Windows. CiscoWorks is a suite of tools used for managing Cisco networks and devices. To exploit this vulnerability, a remote attacker would send a malicious request to a vulnerable system. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code with system privileges resulting in the compromise of affected systems. At this time, there are no known exploits associated with this vulnerability; JTF-GNO is not aware of any DoD related incidents. CiscoWorks IPM Remote Code Execution Vulnerability - (CVE-2010-0138): CiscoWorks IPM is a troubleshooting application that gauges network response time and availability. CiscoWorks IPM is available as a component within the CiscoWorks LAN Management Solution (LMS) bundle. CiscoWorks IPM versions 2.6 and earlier for Windows contain a buffer overflow vulnerability when processing Common Object Request Broker Architecture (CORBA) GIOP requests. By sending a crafted CORBA GIOP request, a remote, unauthenticated attacker may be able to trigger the buffer overflow condition and execute arbitrary code with SYSTEM privileges on affected Windows systems. This vulnerability is documented in Cisco Bug ID CSCsv62350 and has been assigned the Common Vulnerabilities and Exposures.

Check Content

See IAVM notice and vendor bulletin for additional information. Vulnerable Applications/Systems: CiscoWorks IPM versions 2.6 and earlier for Windows operating systems View Help, About from the application’s menu to determine version.

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-22633

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.