AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C
-
CiscoWorks Common Services contains a vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files.
Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090520-cw.
-
Vulnerable Products
Products that have TFTP services enabled and that run CiscoWorks Common Services versions 3.0.x, 3.1.x, and 3.2.x are vulnerable. Only CiscoWorks Common Services systems running on Microsoft Windows operating systems are affected.
The following Cisco products that use CiscoWorks Common Services as their base are affected by this vulnerability.
-
Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and
2.1
-
CiscoWorks QoS Policy Manager versions 4.0 and 4.1
-
CiscoWorks LAN Management Solution versions 2.5, 2.6, 3.0, 3.0.1 and
3.1
-
Cisco Security Manager versions 3.0, 3.1, and 3.2
-
Cisco TelePresence Readiness Assessment Manager version
1.0
-
CiscoWorks Voice Manager versions 3.0 and 3.1
-
CiscoWorks Health and Utilization Monitor versions 1.0 and
1.1
-
Cisco Unified Operations Manager versions 1.0, 1.1, 2.0, and
2.1
The Solaris version of CiscoWorks Common Services is not affected by this vulnerability.
The TFTP service is enabled by default. To verify that the TFTP service is running connect to the CiscoWorks interface and choose Start > Settings > Control Panel > Administrative Tools > Services to access the Services window. The name of the service is CWCS tftp service.
Note: Administrators can also issue the tasklist/svc Microsoft Windows command to list the services that are running on the system.
Products Confirmed Not Vulnerable
Products that do not use CiscoWorks Common Services versions 3.0.x, 3.1.x, and 3.2.x or that do not have TFTP services enabled are not vulnerable. The Solaris version of CiscoWorks Common Services is not affected by this vulnerability. No other Cisco products are currently known to be affected by this vulnerability.
-
Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and
2.1
-
CiscoWorks Common Services represents a common set of management services that is shared by CiscoWorks applications. CiscoWorks is a family of products based on Internet standards for managing networks and devices. Many CiscoWorks products use and depend on Common Services.
CiscoWorks Common Services contains a TFTP directory traversal vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files.
Note: Only CiscoWorks Common Services systems that run on Microsoft Windows operating systems are vulnerable. The Solaris version of CiscoWorks Common Services is not affected by this vulnerability.
This vulnerability is documented in Cisco Bug ID CSCsx07107 ( registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) identifiers CVE-2009-1161.
-
To mitigate this vulnerability, administrators can disable TFTP services by completing the following steps:
Step 1. Choose Start > Settings > Control Panel > Administrative Tools > Services to access the Services window.
Step 2. Right-click CWCS tftp service and select Properties.
Step 3. Set the Startup Type to Disabled.
Step 4. Click the Stop button to stop the TFTP service.
Note: Disabling TFTP services may impact the functionality of some of the CiscoWorks components.
Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link:
-
Cisco has released software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
This vulnerability has been corrected in the following CiscoWorks Common Services software patch:
cwcs3.x-win-CSCsx07107-0.zip
The CiscoWorks Common Services patch can be downloaded from the following link:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
-
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
This vulnerability was found during the resolution of customer service requests.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 1.0
2009-May-20
Initial public release
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.