Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0364

CWE-94 — Code Injection5 documents5 sources

Severity

10.0CRITICAL

EPSS

13.1%

top 5.88%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cisco Security Agent

Timeline

PublishedFeb 19

Latest updateMay 14

Description

The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/security_agent5.1, 5.2, 6.0+2

🔴Vulnerability Details

GHSA

GHSA-rj3f-292m-phwf: The Management Console (webagent↗2022-05-14

▶

CVEList

CVE-2011-0364: The Management Console (webagent↗2011-02-18

▶

💥Exploits & PoCs

Exploit-DB

Cisco Security Agent Management Console - 'st_upload' Remote Code Execution↗2011-04-12

▶

📋Vendor Advisories

Cisco

Management Center for Cisco Security Agent Remote Code Execution Vulnerability↗2011-02-16

▶