Cisco CiscoWorks Internetwork Performance Monitor Remote Command Execution

critical Nessus Plugin ID 33946

Synopsis

The remote service allows execution of arbitrary commands.

Description

CiscoWorks Internetwork Performance Monitor (IPM) is a troubleshooting application that gauges network response time and availability. It is available as a component within the CiscoWorks LAN Management Solution (LMS) bundle.

CiscoWorks IPM version 2.6 for Sun Solaris and Microsoft Windows operating systems contains a process that automatically binds a command shell to a randomly selected TCP port.

Remote, unauthenticated users can connect to the open port and execute arbitrary commands with 'casuser' privileges on Solaris systems and with SYSTEM privileges on Windows systems.

Solution

Upgrade to IPM version 2.6 and apply the CSCsj06260 patch.

See Also

http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml

http://www.cisco.com/pcgi-bin/tablebuild.pl/ipm-sol?psrtdcat20e2

Plugin Details

Severity: Critical

ID: 33946

File Name: ciscoworks_ipm.nbin

Version: 1.73

Type: remote

Family: CISCO

Published: 8/19/2008

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/13/2008

Vulnerability Publication Date: 3/13/2008

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-1157

BID: 28249

CWE: 20