Executive Summary

Summary
TitleCiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities
Informations
Namecisco-sa-20110914-lmsFirst vendor Publication2011-07-29
VendorCiscoLast vendor Modification2011-09-14
Severity (Vendor) N/ARevision1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Two vulnerabilities exist in CiscoWorks LAN Management Solution software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers.

Cisco has released free software updates that address these vulnerabilities.

There are no workarounds available to mitigate these vulnerabilities.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9 (...)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application6
Application11
Application8
Application1
Application1
Application1

Open Source Vulnerability Database (OSVDB)

idDescription
77172Cisco Multiple Products brstart.exe SMARTS Request sm_read_string_length Valu...
75442Cisco Multiple Products brstart.exe add_dm Request Parsing Remote Overflow

Information Assurance Vulnerability Management (IAVM)

DateDescription
2011-09-29IAVM : 2011-A-0132 - Remote Code Execution Vulnerability in Cisco Products
Severity : Category I - VMSKEY : V0030269

Nessus® Vulnerability Scanner

DateDescription
2011-10-13Name : The monitoring application hosted on the remote web server has multiple vulne...
File : cisco_uom_8_6.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2013-11-11 12:37:30
  • Multiple Updates
2013-05-11 00:42:42
  • Multiple Updates