Vigil@nce: CiscoWorks, code execution
May 2008 by Vigil@nce
SYNTHESIS
An attacker can use a malicious URL to execute code on
the CiscoWorks Common Services web server.
Gravity: 3/4
Consequences: user access/rights
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 28/05/2008
Identifier: VIGILANCE-VUL-7859
IMPACTED PRODUCTS
– Cisco CiscoWorks
DESCRIPTION
The CiscoWorks Common Services suite is used in several Cisco
products:
– Cisco Unified Operations Manager (CUOM)
– CiscoWorks QoS Policy Manager (QPM)
– CiscoWorks LAN Management Solution (LMS)
– Cisco Security Manager (CSM)
– Cisco TelePresence Readiness Assessment Manager (CTRAM)
An attacker can use a malicious URL to execute code on
the CiscoWorks Common Services web server.
Technical details are unknown.
CHARACTERISTICS
Identifiers: 105452, cisco-sa-20080528-cw, CSCsm77245,
CVE-2008-2054, VIGILANCE-VUL-7859