Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3310

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2011-3310
Last Modified 11 Jan 2012 11:04:34
Published 19 Oct 2011 08:55:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-3310

Summary

The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.

Vulnerable Systems

Operating System

  • Microsoft Windows

Application

  • Ciscoworks Common Services 2.2

  • Ciscoworks Common Services 3.0.5

  • Ciscoworks Common Services 3.0.6

  • Ciscoworks Common Services 3.1

  • Ciscoworks Common Services 3.1.1

  • Ciscoworks Common Services 3.2

  • Ciscoworks Common Services 3.3

  • Ciscoworks Common Services 4.0.1


References

CISCO - 20111019 CiscoWorks Common Services Arbitrary Command Execution Vulnerability

XF - ciscoworks-common-services-command-exec(70759)

BID - 50284

SECUNIA - 46533


Last Updated: 27 May 2016 10:57:18