Remote Code Execution in Cisco Security Agent Management Console
CVE-2011-0364

Currently unrated

Key Information:

Vendor: Cisco
Status: Security Agent
Vendor: CVE Published:; 19 February 2011

Summary

The Management Console (webagent.exe) of Cisco Security Agent versions 5.1, 5.2, and 6.0 prior to 6.0.2.145 is susceptible to remote code execution. This flaw allows remote attackers to craft malicious st_upload requests, leading to the ability to create arbitrary files and execute code on the affected system. Proper mitigation strategies should be implemented to safeguard against such unauthorized actions.

References

http://securityreason.com/securityalert/8197

third-party-advisoryx_refsource_SREASON

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id?1025088

vdb-entryx_refsource_SECTRACK

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 19, 2011
Vulnerability Reserved
Jan 7, 2011