Remote Code Execution in Cisco Security Agent Management Console
CVE-2011-0364

Currently unrated

Key Information:

Vendor: Cisco
Status: Security Agent
Vendor: CVE Published:; 19 February 2011

What is CVE-2011-0364?

The Management Console (webagent.exe) of Cisco Security Agent versions 5.1, 5.2, and 6.0 prior to 6.0.2.145 is susceptible to remote code execution. This flaw allows remote attackers to craft malicious st_upload requests, leading to the ability to create arbitrary files and execute code on the affected system. Proper mitigation strategies should be implemented to safeguard against such unauthorized actions.

References

http://securityreason.com/securityalert/8197

third-party-advisoryx_refsource_SREASON

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id?1025088

vdb-entryx_refsource_SECTRACK

EPSS Score

15% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2011
Vulnerability Reserved
Jan 7, 2011