Cisco CiscoWorks Common Services Web Server Module Buffer Overflow Vulnerability

Cause
Boundary condition error
Severity

 
Affected systems
Cisco TelePresence Readiness Assessment Manager (CTRAM) 1.0
Cisco CiscoWorks QoS Policy Manager 4.0.2
Cisco CiscoWorks QoS Policy Manager 4.0.1
Cisco CiscoWorks QoS Policy Manager 4.0
Cisco CiscoWorks Lan Management Solution 3.2
Cisco CiscoWorks Lan Management Solution 3.0 (Dec 2007 Update
Cisco CiscoWorks Lan Management Solution 3.0
Cisco CiscoWorks Lan Management Solution 2.6 Update
Cisco CiscoWorks Common Services 3.1.1
Cisco CiscoWorks Common Services 3.0.6
Cisco CiscoWorks Common Services 3.0.5
Cisco CiscoWorks Common Services 3.3.0
Cisco CiscoWorks Common Services 3.2
Cisco CiscoWorks Common Services 3.1
Cisco Cisco Unified Service Monitor 2.0.1
Cisco Cisco Unified Operations Manager (CUOM) 2.0.3
Cisco Cisco Unified Operations Manager (CUOM) 2.0.2
Cisco Cisco Unified Operations Manager (CUOM) 2.0.1
Cisco Cisco Security Manager (CSM) 3.1.1
Cisco Cisco Security Manager (CSM) 3.0.2
Cisco Cisco Security Manager (CSM) 3.2
Cisco Cisco Security Manager (CSM) 3.1
 
Unaffected systems
Cisco CiscoWorks Common Services 4.0
 
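Impact
A remote attacker can exploit this vulnerability to execute arbitrary instructions in the security context of the application.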
 
Conditions required for attack
The attacker must be able to access the CiscoWorks Common Services web server.
 
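Vulnerability information
CiscoWorks Common Services is the set of common management services shared by CiscoWorks applications.
CiscoWorks Common Services on the Oracle Solaris and Microsoft Windows platforms contains a security vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code with SYSTEM administrator privileges.
The authentication code developed by Cisco in the web server module of CiscoWorks Common Services contains an exploitable buffer overflow. The vulnerability can be exploited remotely without authentication.
Successful exploitation can crash the web server or allow the attacker to execute arbitrary code on the server. Any code can be executed with SYSTEM administrator privileges.
The vulnerability is exploited over TCP port 443 or 1741.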
 
Test method
 
Vendor solution
Cisco CiscoWorks Common Services 4.0 and later are not affected by this vulnerability. Users are advised to download and use these versions:
http://www.cisco.com
 
Vulnerability reported by
Cisco
