Cisco CiscoWorks Internetwork Performance Monitor Remote Command Execution

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote service allows execution of arbitrary commands.

Description :

CiscoWorks Internetwork Performance Monitor (IPM) is a troubleshooting
application that gauges network response time and availability. It is
available as a component within the CiscoWorks LAN Management Solution
(LMS) bundle.

CiscoWorks IPM version 2.6 for Sun Solaris and Microsoft Windows
operating systems contains a process that causes a command shell to
automatically be bound to a randomly selected TCP port.

Remote, unauthenticated users are able to connect to the open port and
execute arbitrary commands with 'casuser' privileges on Solaris
systems and with SYSTEM privileges on Windows systems.

See also :

http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml
http://www.cisco.com/pcgi-bin/tablebuild.pl/ipm-sol?psrtdcat20e2

Solution :

Upgrade to IPM version 2.6 and apply the CSCsj06260 patch.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 33946

Bugtraq ID: 28249

CVE ID: CVE-2008-1157