TITLE:
CiscoWorks Common Services Unspecified Code Execution Vulnerability

SECUNIA ADVISORY ID:
SA30422

VERIFY ADVISORY:
http://secunia.com/advisories/30422/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
CiscoWorks Common Services Software 3.x
http://secunia.com/product/6330/
Cisco Unified Operations Manager (CUOM) 1.x
http://secunia.com/product/18835/
Cisco Unified Operations Manager (CUOM) 2.x
http://secunia.com/product/18836/
Cisco Unified Service Monitor (CUSM) 1.x
http://secunia.com/product/18837/
Cisco Unified Service Monitor (CUSM) 2.x
http://secunia.com/product/18838/
CiscoWorks QoS Policy Manager (QPM) 4.x
http://secunia.com/product/18839/
CiscoWorks LAN Management Solution (LMS) 2.x
http://secunia.com/product/18840/
CiscoWorks LAN Management Solution (LMS) 3.x
http://secunia.com/product/18841/
Cisco Security Manager (CSM) 3.x
http://secunia.com/product/18842/
Cisco TelePresence Readiness Assessment Manager (CTRAM) 1.x
http://secunia.com/product/18843/

DESCRIPTION:
A vulnerability has been reported in various Cisco products, which
can be exploited by malicious people to compromise a vulnerable
system.

The vulnerability is caused due to an unspecified error in
CiscoWorks Common Services, which can be exploited to execute
arbitrary code via a specially crafted URL.

The vulnerability is reported in CiscoWorks Common Services versions
3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1, and 3.1.1. Please see the vendor's
advisory for a complete list of products that are affected by this
vulnerability.

NOTE: CiscoWorks Voice Manager (CVM) and Cisco Unified Intelligent
Contact Management (ICM) may also be affected if their underlying
Common Services versions were upgraded.

SOLUTION:
Update to CiscoWorks Common Services version 3.2 or apply patches.
http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one

Solaris:
Apply cwcs3.x-sol-CSCsm77245-0.tar.gz

Windows:
Apply cwcs3.x-win-CSCsm77245-0.zip

PROVIDED AND/OR DISCOVERED BY:
Dave Lewis, Liquidmatrix.org

ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20080528-cw.shtml

Liquidmatrix.org:
http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/