Management Center for Cisco Security Agents Remote Code Execution (cisco-sa-20110216-csa)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host has an endpoint security application installed that is
potentially affected by a remote code execution vulnerability.

Description :

According to the version identified on the Management Center for Cisco
Agents web interface, the remote host is potentially affected by a
remote code execution vulnerability. This is due to the 'webagent.exe'
script failing to properly process POST request parameters. A remote,
unauthenticated attacker can exploit this issue by creating an arbitrary
file with a crafted 'st_upload' request, which the attacker could use to
execute arbitrary code on the remote host.

See also :

http://www.cisco.com/en/US/products/csa/cisco-sa-20110216-csa.html

Solution :

Upgrade to Cisco Security Agent 6.0.2.145 or later, or apply the
workaround specified in the vendor advisory.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 69953 ()

Bugtraq ID: 46420

CVE ID: CVE-2011-0364