cbcvebase.
CVE-2008-1157
published 2008-03-14

CVE-2008-1157: Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which…

PriorityP262critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
20.67%
97.2th percentile
Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands.

Affected

1 ranges
VendorProductVersion rangeFixed in
ciscociscoworks_internetwork_performance_monitor

Detection & IOCsextracted from sources · hover to see the quote

versionCiscoWorks IPM 2.6
  • Monitor for unexpected processes spawning a command shell (e.g., cmd.exe or /bin/sh) as a child of the CiscoWorks IPM process, listening on a randomly chosen TCP port.
  • Alert on inbound TCP connections to non-standard/random high ports on hosts running CiscoWorks IPM 2.6, particularly where the connection results in shell command execution.
  • No authentication is required to exploit this vulnerability; treat any unauthenticated remote connection to the backdoor shell port as a high-severity incident.
  • ·The backdoor TCP port is randomly chosen at process creation time, making static port-based blocking insufficient; behavioral detection (process spawning a shell bound to a network socket) is required.
  • ·The vulnerability affects both Sun Solaris and Microsoft Windows deployments of CiscoWorks IPM 2.6, so detection logic must cover both platforms.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.