CiscoWorks Common Services Arbitrary Code Execution (cisco-sa-20101027-cs)
Critical Nessus Plugin ID 69469
SynopsisThe remote Windows host has an application installed that is affected by an arbitrary code execution vulnerability.
DescriptionThe version of CiscoWorks Common Services installed on the remote Windows host is potentially affected by multiple buffer overflows in the Cisco developed authentication code of the web server module. By exploiting these flaws, a remote, unauthenticated attacker could execute arbitrary code subject to the privileges of the user running the affected application.
SolutionApply the relevant patch from the advisory or upgrade to CiscoWorks Common Services 4.0 or later.