This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.
The remote service allows execution of arbitrary commands.
CiscoWorks Internetwork Performance Monitor (IPM) is a troubleshooting
application that gauges network response time and availability. It is
available as a component within the CiscoWorks LAN Management Solution
CiscoWorks IPM version 2.6 for Sun Solaris and Microsoft Windows
operating systems contains a process that causes a command shell to
automatically be bound to a randomly selected TCP port.
Remote, unauthenticated users are able to connect to the open port and
execute arbitrary commands with 'casuser' privileges on Solaris
systems and with SYSTEM privileges on Windows systems.
See also :
Upgrade to IPM version 2.6 and apply the CSCsj06260 patch.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true
Nessus Plugin ID: 33946 ()
Bugtraq ID: 28249
CVE ID: CVE-2008-1157
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.