Multiple Cisco Products CVE-2011-2738 Remote Code Execution Vulnerability

Cause
Design error
Severity
Medium
 Cisco CiscoWorks Lan Management Solution 4.0
 Cisco CiscoWorks Lan Management Solution 3.2
 Cisco CiscoWorks Lan Management Solution 3.1
 Cisco Cisco Unified Service Monitor 2.1
 Cisco Cisco Unified Service Monitor 2.0.1
 Cisco Cisco Unified Service Monitor 2.0
 Cisco Cisco Unified Service Monitor 1.1
 Cisco Cisco Unified Service Monitor 1.0
 Cisco Cisco Unified Service Manager (CUSM) 2.0.1
 Cisco Cisco Unified Service Manager (CUSM) 2.0
 Cisco Cisco Unified Service Manager (CUSM) 1.1
 Cisco Cisco Unified Operations Manager (CUOM) 2.0.3
 Cisco Cisco Unified Operations Manager (CUOM) 2.0.2
 Cisco Cisco Unified Operations Manager (CUOM) 2.0.1
 Cisco Cisco Unified Operations Manager (CUOM) 8.5
 Cisco Cisco Unified Operations Manager (CUOM) 8.0
 Cisco Cisco Unified Operations Manager (CUOM) 2.3
 Cisco Cisco Unified Operations Manager (CUOM) 2.2
 Cisco Cisco Unified Operations Manager (CUOM) 2.1 SP1
 Cisco Cisco Unified Operations Manager (CUOM) 2.1
 Cisco Cisco Unified Operations Manager (CUOM) 2.0
 Cisco Cisco Unified Operations Manager (CUOM) 1.1
 Cisco Cisco Unified Operations Manager (CUOM) 1.0
 
Affected systems
Cisco CiscoWorks Lan Management Solution 4.1
Cisco Cisco Unified Server Manager 8.6
Cisco Cisco Unified Operations Manager (CUOM) 8.6
 
 
Unaffected systems
 
Impact
A remote attacker can exploit the vulnerabilities to execute arbitrary code in the context of the application.
 
Conditions required for attack
The attacker must have access to the Cisco Unified Service Monitor, Cisco Unified Operations Manager and CiscoWorks LAN Management Solution software.
 
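Vulnerability information
Cisco Unified Service Monitor and Cisco Unified Operations Manager are products in the Cisco Unified Communications Management Suite that provide continuous monitoring of active calls supported by the Cisco Unified Communications System.
Cisco Unified Service Monitor and Cisco Unified Operations Manager contain two security vulnerabilities that allow an unauthenticated remote attacker to execute arbitrary code on an affected system. These vulnerabilities can be triggered by sending a series of crafted packets to TCP port 9002.
CiscoWorks LAN Management Solution is an integrated management suite used to configure, administer, monitor and troubleshoot networks.
CiscoWorks LAN Management Solution contains two security vulnerabilities that allow an unauthenticated remote attacker to execute arbitrary code on an affected system. These vulnerabilities can be triggered by sending a series of crafted packets to TCP port 9002.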
 
Test method
 
Vendor solution
Users can refer to the following vendor security advisories for patch information:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml
 
Vulnerability reported by
AbdulAziz Hariri working with Zero Day Initiative
