Arbitrary Command Execution Vulnerability in CiscoWorks Common Services
CVE-2011-3310

Currently unrated

Key Information:

Vendor: Cisco
Status: Ciscoworks Common Services; Windows
Vendor: CVE Published:; 20 October 2011

Summary

The Home Page component in CiscoWorks Common Services prior to version 4.1 on Windows contains a vulnerability that enables remote authenticated users to execute arbitrary commands through specially crafted URLs. This exposure poses significant security risks to affected systems, as it can potentially be exploited to gain unauthorized access or control over critical network infrastructure. Various Cisco solutions, including LAN Management Solution and Unified Operations Manager, are impacted, necessitating prompt remediation for affected installations.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/50284

vdb-entryx_refsource_BID

http://secunia.com/advisories/46533

third-party-advisoryx_refsource_SECUNIA

EPSS Score

27% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 20, 2011
Vulnerability Reserved
Aug 29, 2011