AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
-
CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.
Cisco has released software updates that address this vulnerability.
There are no workarounds that mitigate this vulnerability.
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs.
Note: Effective October 18, 2011, Cisco moved the current list of Cisco Security Advisories and Responses published by Cisco PSIRT. The new location is https://sec.cloudapps.cisco.com/security/center/publicationListing. You can also navigate to this page from the Cisco Products and Services menu of the Cisco Security (SIO) Portal. Following this transition, new Cisco Security Advisories and Responses will be published to the new location. Although the URL has changed, the content of security documents and the vulnerability policy are not impacted. Cisco will continue to disclose security vulnerabilities in accordance with the published Security Vulnerability Policy.
-
Vulnerable Products
This vulnerability affects all versions of CiscoWorks Common Services-based products running on Microsoft Windows
Common Services version 4.1 and later are not affected by this vulnerability.
The following CiscoWorks products with the default Common Services installed are affected by this vulnerability, due to their underlying Common Services version:
- CiscoWorks LAN Management Solution
LAN Management Solution Versions Common Services Versions Prior to 3.2 on Microsoft Windows Various 3.2 on Microsoft Windows 3.3 3.2.1 on Microsoft Windows 3.3.1 4.0 on Microsoft Windows 4.0 4.0.1 on Microsoft Windows 4.0.1 Note: CiscoWorks LAN Management Solution versions prior to 3.2 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of CiscoWorks LAN Management Solution.
- Cisco Security Manager
Security Manager Versions Common Services Versions Prior to 3.2 Various 3.2, 3.2 SP1, 3.2 SP2 3.1 3.2.1, 3.2.1 SP1 3.1.1 3.2.2, 3.2.2 SP1, 3.2.2 SP2, 3.2.2 SP3, 3.2.2 SP4 3.2 3.3, 3.3 SP1, 3.3 SP2 3.2 3.3.1, 3.3.1 SP1, 3.3.1 SP2, 3.3.1 SP3 3.2 4.0, 4.0 SP1 3.3 4.0.1, 4.0.1 SP1 3.3 4.1 3.3 Note: Cisco Security Manager versions prior to 3.2 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Security Manager.
- Cisco Unified Operations Manager
Unified Operations Manager Versions Common Services Versions Prior 2.3 Various 2.3 3.2 8.0 4.0 8.5 4.0 Note: Cisco Unified Operations Manager versions prior to 2.3 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Unified Operations Manager.
- Cisco Unified Service Monitor
Unified Operations Monitor Versions Common Services Versions Prior to 2.2 Various 2.2 3.2 2.3 3.2 8.0 4.0 8.5 4.0 Note: Cisco Unified Service Monitor versions prior to 2.2 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Unified Service Monitor.
- CiscoWorks Quality of Service Policy Manager
Quality of Service Policy Manager Versions Common Services Versions Prior to 4.1 on Microsoft Windows Various 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6 on Microsoft Windows 3.2 Note: CiscoWorks Quality of Service (QoS) Policy Manager versions prior to 4.1 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of CiscoWorks QoS Policy Manager.
- CiscoWorks Voice Manager
Voice Manager Versions Common Services Versions Prior to 3.0 on Microsoft Windows Various 3.0 on Microsoft Windows 3.0.2 3.1 on Microsoft Windows 3.0.2 3.2 on Microsoft Windows 3.3 Note: CiscoWorks Voice Manager versions prior to 3.0 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of CiscoWorks Voice Manager.
Products Confirmed Not Vulnerable
All versions of CiscoWorks Common Services-based products running on Solaris are not affected by this vulnerability.
CiscoWorks Common Services versions 4.1 and later are not affected by this vulnerability.
The following products are also confirmed not vulnerable:
- Cisco Prime LAN Management Solution versions 4.1 and later
- Cisco Security Manager versions 4.2 and later
- Cisco Unified Operations Manager 8.6 and later
- Cisco Unified Service Monitor 8.6 and later
- Any version of CiscoWorks LAN Management Solution running on Solaris
- Any version of CiscoWorks QoS Policy Manager running on Solaris
- Any version of CiscoWorks Voice Manager running on Solaris
No other Cisco products are currently known to be affected by this vulnerability.
- CiscoWorks LAN Management Solution
-
CiscoWorks Common Services is a set of management services that are shared by network management applications in a CiscoWorks solution set.
CiscoWorks Common Services provides the foundation for CiscoWorks applications to share a common model for data storage, login, user role definitions, access privileges, security protocols, and navigation. It creates a standard user experience for all management functions. It also provides the common framework for all basic system level operations such as installation, data management (including backup-restoration and importing-exporting), event and message handling, job and process management, and software updates.
CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.
The vulnerability is due to improper input validation in the CiscoWorks Home Page component. An attacker could exploit this vulnerability by sending a specially crafted URL to the affected system. An exploit could allow the attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.This vulnerability affects CiscoWorks Common Services running only on Microsoft Windows.
This vulnerability could be exploited over the default management ports, TCP port 1741 or 443.
Note: The default management ports can be reconfigured on the server.
This vulnerability is documented in Cisco bug IDs CSCtq48990 (registered customers only) for Common Services and CiscoWorks LAN Management Solution, CSCtq63992 (registered customers only) for Cisco Security Manager, CSCtq64011 (registered customers only) for Cisco Unified Service Monitor, CSCtq64019 (registered customers only) for Cisco Unified Operations Manager, CSCtr23090 (registered customers only) for CiscoWorks QoS Policy Manager, and CSCtt25535 (registered customers only) for CiscoWorks Voice Manager.
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3310.
-
There are no workarounds for this vulnerability.
-
Cisco has released software updates that address this vulnerability. Prior to deploying software updates, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
This vulnerability has been resolved in Common Services version 4.1.
The following tables report the remediation for each affected product and version:
-
CiscoWorks LAN Management Solution
LMS Version Remediation Location 3.2 cwcs33-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/type.html?mdfid=282641053&flowid=5150 3.2.1 cwcs331-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/type.html?mdfid=282641053&flowid=5150 4.0 LMS40-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/type.html?mdfid=283434800&flowid=19062 4.0.1 LMS401-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/type.html?mdfid=283434800&flowid=19062 -
Cisco Security Manager
CSM Version Remediation Location 3.2. 3.2 SP1, 3.2 SP2 Upgrade to 3.3.1 SP4 - 3.2.1, 3.2.1 SP1 Upgrade to 3.3.1 SP4 - 3.2.2, 3.2.2 SP1, 3.2.2 SP2, 3.2.2 SP3, 3.2.2 SP4 Upgrade to 3.3.1 SP4 - 3.3, 3.3 SP1, 3.3 SP2 Upgrade to 3.3.1 SP4 - 3.3.1, 3.3.1 SP1, 3.3.1 SP2, 3.3.1 SP3 3.3.1 SP4 http://www.cisco.com/cisco/software/type.html?mdfid=280033778 4.0, 4.0 SP1 Upgrade to 4.0.1 SP2 - 4.0.1, 4.0.1 SP1 4.0.1 SP2 http://www.cisco.com/cisco/software/type.html?mdfid=280033778 4.1 4.1 SP1 http://www.cisco.com/cisco/software/type.html?mdfid=280033778 -
Cisco Unified Operations Manager
CUOM Version Remediation Location 2.2 cwcs32-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/type.html?mdfid=282214601&flowid=5149 2.3 cwcs32-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/type.html?mdfid=282214601&flowid=5149 8.0 CUOM8.0-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/release.html?mdfid=283112898&flowid=20421&softwareid=282790483 8.5 CUOM8.5-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/release.html?mdfid=283749793&flowid=24321&softwareid=282790483 -
Cisco Unified Service Monitor
CUSM Version Remediation Location 2.2 cwcs32-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/type.html?mdfid=282214601&flowid=5149 2.3 cwcs32-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/type.html?mdfid=282214601&flowid=5149 8.0 CUSM8.0-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/release.html?mdfid=283315738&flowid=20461&softwareid=282773198 8.5 CUSM8.5-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/release.html?mdfid=283749795&flowid=24323&softwareid=282801893 -
CiscoWorks QoS Policy Manager
QPM Version Remediation Location 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6 cwcs32-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/type.html?mdfid=282214601&flowid=5149 -
CiscoWorks Voice Manager
CWVM Version Remediation Location 3.0 and 3.1 Upgrade to 3.2 and apply the patch - 3.2 cwcs33-win-Oct2011-su1-0.zip http://www.cisco.com/cisco/software/type.html?mdfid=282641053&flowid=5150
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
-
CiscoWorks LAN Management Solution
-
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
This vulnerability was reported to Cisco by Noam Rathaus from Beyond Security.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 1.0 2011-October-19 Initial public release
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.