CVE-2008-1157
published 2008-03-14
Priority P2 62 · critical · 10 CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 20.67% (97.2th percentile)
Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ciscoworks_internetwork_performance_monitor | — | — |
Detection & IOCs
- Monitor for unexpected processes spawning a command shell (e.g., cmd.exe or /bin/sh) as a child of the CiscoWorks IPM process, listening on a randomly chosen TCP port.
- Alert on inbound TCP connections to non-standard/random high ports on hosts running CiscoWorks IPM 2.6, particularly where the connection results in shell command execution.
- No authentication is required to exploit this vulnerability; treat any unauthenticated remote connection to the backdoor shell port as a high-severity incident.
- The backdoor TCP port is randomly chosen at process creation time, making static port-based blocking insufficient; behavioral detection (process spawning a shell bound to a network socket) is required.
- The vulnerability affects both Sun Solaris and Microsoft Windows deployments of CiscoWorks IPM 2.6, so detection logic must cover both platforms.
Cisco
CiscoWorks Internetwork Performance Monitor Remote Command Execution Vulnerability
vendor_cisco
CVE-2008-1157: CiscoWorks Internetwork Performance Monitor Remote Command Execution Vulnerability
CiscoWorks Internetwork Performance Monitor (IPM) version 2.6 for Sun Solaris and Microsoft Windows operating systems contains a vulnerability that allows remote, unauthenticated users to execute arbitrary commands. There are no
Bug IDs: CSCsj06260, CSCsj06260
GHSA
GHSA-23g5-g5wv-6wr9: Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2
ghsa_unreviewed·2022-05-01
CVE-2008-1157 [HIGH] CWE-20 GHSA-23g5-g5wv-6wr9: Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://secunia.com/advisories/29376
- http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml
- http://www.securityfocus.com/bid/28249
- http://www.securitytracker.com/id?1019611
- http://www.vupen.com/english/advisories/2008/0876/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41208
2008-03-14
Published