CVE-2011-3310
published 2011-10-20CVE-2011-3310: The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco…
PriorityP260critical9CVSS 2.0
AVNACLAuSCCICAC
EPSS
15.16%
96.3th percentile
The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ciscoworks_common_services | <= 4.0.1 | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is triggered via a crafted URL sent by a remote authenticated user to the Home Page component of CiscoWorks Common Services on Windows; monitor for anomalous or unexpected URL patterns targeting this component ↗
- →Successful exploitation grants SYSTEM-level privileges; alert on CiscoWorks processes spawning unexpected child processes or executing OS commands ↗
- ·Vulnerability affects CiscoWorks Common Services versions before 4.1 on Windows only; non-Windows deployments are not affected ↗
- ·Multiple Cisco products share this vulnerable component; all should be assessed: CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager ↗
- ·There are no workarounds available; patching to Common Services 4.1 or later is the only mitigation ↗
- ·Tracked under multiple Cisco Bug IDs: CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, CSCtt25535 ↗
CVSS provenance
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco9.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
CiscoWorks Common Services Arbitrary Command Execution Vulnerability
vendor_cisco·2011-10-19·CVSS 9.0
CVE-2011-3310 [CRITICAL] CiscoWorks Common Services Arbitrary Command Execution Vulnerability
CiscoWorks Common Services Arbitrary Command Execution Vulnerability
CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.
Cisco has released software updates that address this vulnerability.
There are no workarounds that mitigate this vulnerability.
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs.
Note:��Effective October 18, 2011, Cisco moved the current list of Cisco Security Advisories and Responses published by Cisco PSIRT. The new location is https://sec.cloudapps.cisco.com/security/center/publicationListing. You can also navigate to thi
Cisco
CiscoWorks Common Services Arbitrary Command Execution Vulnerability
vendor_cisco
CVE-2011-3310 CiscoWorks Common Services Arbitrary Command Execution Vulnerability
CVE-2011-3310: CiscoWorks Common Services Arbitrary Command Execution Vulnerability
CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator. Cisco has released software updates that address this vulnerability. There are no
Bug IDs: CSCtq48990, CSCtq63992, CSCtq64011, CSCtq48990, CSCtq63992
GHSA
GHSA-qr2h-w42m-wrfm: The Home Page component in Cisco CiscoWorks Common Services before 4
ghsa_unreviewed·2022-05-17
CVE-2011-3310 [HIGH] CWE-94 GHSA-qr2h-w42m-wrfm: The Home Page component in Cisco CiscoWorks Common Services before 4
The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/46533http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cshttp://www.securityfocus.com/bid/50284https://exchange.xforce.ibmcloud.com/vulnerabilities/70759http://secunia.com/advisories/46533http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cshttp://www.securityfocus.com/bid/50284https://exchange.xforce.ibmcloud.com/vulnerabilities/70759
2011-10-20
Published