SR08-177 Cisco - Vulnerability in CiscoWorks
Cisco has released version 3.2 of CiscoWorks Common Services. This version fixes a security flaw that can lead to code execution on a vulnerable system.
Problem description
CVE reference: CVE-2008-2054
Dave Lewis of Liquidmatrix.org has identified a vulnerability in CiscoWorks Common Services. The services included in CiscoWorks Common Services are shared by several CiscoWorks products, such as:
Cisco Unified Operations Manager (CUOM)
Cisco Unified Service Monitor (CUSM)
CiscoWorks QoS Policy Manager (QPM)
CiscoWorks LAN Management Solution (LMS)
Cisco Security Manager (CSM)
Cisco TelePresence Readiness Assessment Manager (CTRAM)
The vulnerability can be exploited by sending specially crafted URLs to the system, causing the system to execute code. The user does not need to be logged in to the system, and the vulnerability can be exploited over the network.
Affected versions
- Cisco Security Manager (CSM) 3.0
- Cisco Security Manager (CSM) 3.0.1
- Cisco Security Manager (CSM) 3.0.2
- Cisco Security Manager (CSM) 3.1
- Cisco Security Manager (CSM) 3.1.1
- Cisco Security Manager (CSM) 3.2
- Cisco Unified Operations Manager (CUOM) 1.1
- Cisco Unified Operations Manager (CUOM) 2.0
- Cisco Unified Operations Manager (CUOM) 2.0.1
- Cisco Unified Operations Manager (CUOM) 2.0.2
- Cisco Unified Operations Manager (CUOM) 2.0.3
- Cisco Unified Service Manager (CUSM) 1.1
- Cisco Unified Service Manager (CUSM) 2.0
- Cisco Unified Service Manager (CUSM) 2.0.1
- CiscoWorks Common Services 3.0.3
- CiscoWorks Common Services 3.0.4
- CiscoWorks Common Services 3.0.5
- CiscoWorks Common Services 3.0.6
- CiscoWorks Common Services 3.1
- CiscoWorks Common Services 3.1.1
- Cisco LAN Management Solution
- Cisco LAN Management Solution 2.5
- Cisco LAN Management Solution 2.5.1
- Cisco LAN Management Solution 2.6
- Cisco LAN Management Solution 3.0
- Cisco QoS Policy Manager
- Cisco QoS Policy Manager 4.0
- Cisco QoS Policy Manager 4.0.1
- Cisco QoS Policy Manager 4.0.2
- Cisco TelePresence Readiness Assessment Manager (CTRAM) 1.0
More information and patches
http://www.cisco.com/warp/public/707/cisco-sa-20080528-cw.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a00809a1f14.shtml
http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/
http://www.securityfocus.com/bid/29409
http://permalink.gmane.org/gmane.comp.security.full-disclosure/61331
http://packetstormsecurity.org/filedesc/cisco-sa-20080528-cw.txt.html
http://www.frsirt.com/english/advisories/2008/1687
http://www.securitytracker.com/alerts/2008/May/1020127.html