Remote Command Execution in CiscoWorks Internetwork Performance Monitor by Cisco
CVE-2008-1157

Currently unrated

Key Information:

Vendor: Cisco
Status: Ciscoworks Internetwork Performance Monitor
Vendor: CVE Published:; 14 March 2008

What is CVE-2008-1157?

The vulnerability in CiscoWorks Internetwork Performance Monitor (IPM) 2.6 allows attackers to execute arbitrary commands on the affected system. This is achieved through the creation of a process that can open a command shell, which subsequently listens on a randomly chosen TCP port. As a result, unauthorized users may gain control over the device, significantly compromising network security and integrity. It is crucial for users of Cisco IPM to apply recommended patches and employ security measures to mitigate the risks associated with this vulnerability.

References

http://www.cisco.com/warp/public/707/cisco-sa-20080313-ip...

vendor-advisoryx_refsource_CISCO

http://www.vupen.com/english/advisories/2008/0876/references

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/41208

vdb-entryx_refsource_XF

EPSS Score

9% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2008
Vulnerability Reserved
Mar 5, 2008