The Cisco Product Security Incident Response Team (PSIRT) has published one important vulnerability advisory:
- CiscoWorks Common Services Arbitrary Code Execution Vulnerability
CiscoWorks Common Services Arbitrary Code Execution Vulnerability
CiscoWorks Common Services for both Oracle Solaris and Microsoft Windows contains a vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code on a host device with privileges of a system administrator.
CiscoWorks Common Services versions 3.0.5 and later are affected by this vulnerability. Versions 4.0 and later contain the fix. Administrators can check version details and licensing information about CiscoWorks Common Services by clicking the About button located in the top right corner of the CiscoWorks home page.
CiscoWorks Common Services is a set of management services that are shared by network management applications in a CiscoWorks solution set. CiscoWorks Common Services provides the foundation for CiscoWorks applications to share a common model for data storage, login, user role definitions, access privileges, security protocols, and navigation. It creates a standard user experience for all management functions. It also provides the common framework for all basic system-level operations such as installation, data management (including backup-restoration and importing-exporting), event and message handling, job and process management, and software updates.
Exploitable buffer overflows exist in the Cisco-developed authentication code in the web server module of CiscoWorks Common Services and can be exploited remotely without authentication. A successful exploit could cause the web server to crash or allow the attacker to execute arbitrary code on the server. Any such code would execute with system administrative privileges. The vulnerability could be exploited over TCP port 443 or 1741.
Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code on the CiscoWorks server machine with the privileges of the system administrator.