CiscoWorks Common Services Arbitrary Code Execution (cisco-sa-20101027-cs)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application installed that is affected
by an arbitrary code execution vulnerability.

Description :

The version of CiscoWorks Common Services installed on the remote
Windows host is potentially affected by multiple buffer overflows in
the Cisco developed authentication code of the web server module. By
exploiting these flaws, a remote, unauthenticated attacker could
execute arbitrary code subject to the privileges of the user running
the affected application.

See also :

http://www.cisco.com/en/US/products/csa/cisco-sa-20101027-cs.html

Solution :

Apply the relevant patch from the advisory or upgrade to CiscoWorks
Common Services 4.0 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 69469 ()

Bugtraq ID: 44468

CVE ID: CVE-2010-3036

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now