发布日期：2011-10-20
更新日期：2011-10-20

受影响系统：

Cisco Security Manager 4.x
Cisco Security Manager 3.x
Cisco Unified Operations Manager (CUOM) 8.x
Cisco Unified Operations Manager (CUOM) 2.x
Cisco CiscoWorks Voice Manager 3.x
Cisco CiscoWorks QoS Policy Manager 4.x

不受影响系统：

Cisco Security Manager 4.1 SP1
Cisco Security Manager 4.0.1 SP2
Cisco Security Manager 3.3.1 SP4

描述：

---

BUGTRAQ  ID: 50284
CVE ID: CVE-2011-3310

CiscoWorks Common Services是CiscoWorks应用所共享的通用管理服务集。

CiscoWorks Common Services在实现上存在远程命令注入漏洞，远程攻击者可利用此漏洞在下层操作系统上以系统级别的权限执行任意命令。

此漏洞源于CiscoWorks Home Page组件中的错误输入验证。其思科Bug ID为CSCtq48990、CSCtq63992、CSCtq64011、CSCtq64019、CSCtr23090和CSCtt25535 。

受到影响的应用包括：
CiscoWorks LAN Management Solution
Security Manager
Unified Operations Manager
Unified Service Monitor
CiscoWorks QoS Policy Manager
CiscoWorks Voice Manager

<*来源：Noam Rathaus （noamr@beyondsecurity.com）
  
  链接：http://seclists.org/fulldisclosure/2011/Oct/723
        http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-20111019-cs）以及相应补丁:

cisco-sa-20111019-cs：CiscoWorks Common Services Arbitrary Command Execution Vulnerability

链接：http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs

浏览次数：2571
严重程度：0（网友投票）