Executive Summary
Summary | |
---|---|
Title | CiscoWorks Common Services Arbitrary Code Execution Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20101027-cs | First vendor Publication | 2010-08-31 |
Vendor | Cisco | Last vendor Modification | 2010-10-27 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
CiscoWorks Common Services for both Oracle Solaris and Microsoft Windows contains a vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code on a host device with privileges of a system administrator. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. Mitigations that limit the attack surface of this vulnerability are available. |
Original Source
Url : http://www.cisco.com/warp/public/707/cisco-sa-20101027-cs.shtml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68927 | CiscoWorks Common Services TCP Packet Handling Overflow: CiscoWorks Common Services is prone to an overflow condition. The authentication functionality in the web-server module fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted packet, a remote attacker can potentially execute arbitrary code. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-11-18 | IAVM : 2010-A-0164 - CiscoWorks Common Services Remote Code Execution Vulnerability - Severity : Category I - VMSKEY : V0025765 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-08-21 | Name : The remote Windows host has an application installed that is affected by an a... - File : ciscoworks_common_services_20101027.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 10:22:00 |
|
2013-11-11 12:37:29 |
|