Title

CiscoWorks Common Services Remote Code Execution Vulnerability (Cat I impact)

Discussion

Cisco has addressed a vulnerability affecting CiscoWorks Common Services for both Oracle Solaris and Microsoft Windows. CiscoWorks Common Services is a set of management services that are shared by network management applications in CiscoWorks. To exploit this vulnerability, a remote attacker would send malicious data to the affected webserver module. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code with system privileges resulting in the compromise of affected systems. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents. CiscoWorks Common Services Arbitrary Code Execution Vulnerability - (CVE-2010-3036): Exploitable buffer overflows exist in the Cisco developed authentication code in the web server module of CiscoWorks Common Services, which can be exploited remotely without authentication. A successful exploit could cause the web server to crash or allow the attacker to execute arbitrary code on the server. Any code would execute with system administrative privileges. The vulnerability could be exploited over TCP port 443 or 1741. The vulnerability affects both CiscoWorks Common Services for Oracle Solaris and Microsoft Windows. This vulnerability is documented in Cisco bug ID CSCti41352 (registered customers only). Note: The default HTTP and HTTPS ports can be reconfigured on the server.

Check Content

See the IAVM notice and vendor bulletin for additional information. Vulnerable Applications/Systems: Product Product Version Common Services Version Cisco Unified Operations Manager 2.0.1 3.0.5 2.0.2 3.0.5 2.0.3 3.0.5 Cisco Unified Service Monitor 2.0.1 3.0.5 CiscoWorks QoS Policy Manager 4.0, 4.0.1, and 4.0.2 3.0.5 CiscoWorks LAN Management Solution 2.6 Update 3.0.5 CiscoWorks LAN Management Solution 3.0 3.1 3.0 (December 2007 Update) 3.1.1 3.1 3.2 3.2 3.3.0 Cisco Security Manager 3.0.2 3.0.5 3.1 and 3.1.1 3.0.5 3.2 3.1 3.2.2 3.2.0 3.3 3.2.0 3.3.1 3.2.0 4.0 3.3.0 4.0.1 3.3.0 Cisco TelePresence Readiness Assessment Manager 1.0 3.0.5 Note: CiscoWorks products could be vulnerable if their underlying Common Services versions were upgraded to a vulnerable version. Administrators can check version details and licensing information about CiscoWorks Common Services by clicking the About button located in the top right corner of the CiscoWorks home page.

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-25765

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.