Vulnerability Name:

CVE-2011-3310 (CCN-70759)

Assigned: 2011-10-19
Published: 2011-10-19
Updated: 2017-08-29
Summary: The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-94
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2011-3310

Source: CCN
Type: SA46533
CiscoWorks Common Services Home Page Component Command Injection Vulnerability

Source: SECUNIA
Type: UNKNOWN
46533

Source: CCN
Type: cisco-sa-20111019-cs
CiscoWorks Common Services Arbitrary Command Execution Vulnerability

Source: CISCO
Type: Vendor Advisory
20111019 CiscoWorks Common Services Arbitrary Command Execution Vulnerability

Source: CCN
Type: OSVDB ID: 76565
CiscoWorks Common Services Home Page Component Unspecified URI Shell Command Execution

Source: BID
Type: UNKNOWN
50284

Source: CCN
Type: BID-50284
CiscoWorks Common Services Remote Command Injection Vulnerability

Source: XF
Type: UNKNOWN
ciscoworks-common-services-command-exec(70759)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_common_services:3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_common_services:3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_common_services:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_common_services:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_common_services:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_common_services:3.3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_common_services:*:*:*:*:*:*:*:* (Version <= 4.0.1)
  • AND
  • cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:cisco:security_manager:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:3.2:sp1:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_voice_manager:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_voice_manager:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_lan_management_solution:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_lan_management_solution:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_lan_management_solution:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_service_monitor:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_service_monitor:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_service_monitor:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:unified_service_monitor:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:3.3:sp1:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:3.3:-:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:3.3:sp2:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:4.0:-:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:4.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:3.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:3.2.2:sp1:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:3.2.2:sp2:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:3.2.2:sp3:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:3.2.2:sp4:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:4.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:4.0.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:cisco:security_manager:4.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    cisco ciscoworks common services 2.2
    cisco ciscoworks common services 3.0.5
    cisco ciscoworks common services 3.0.6
    cisco ciscoworks common services 3.1
    cisco ciscoworks common services 3.1.1
    cisco ciscoworks common services 3.2
    cisco ciscoworks common services 3.3
    cisco ciscoworks common services *
    microsoft windows *
    cisco security manager 3.2
    cisco security manager 3.2 sp1
    cisco security manager 3.2.1
    cisco ciscoworks voice manager 3.0
    cisco ciscoworks voice manager 3.1
    cisco ciscoworks lan management solution 3.2
    cisco ciscoworks lan management solution 4.0
    cisco ciscoworks lan management solution 4.0.1
    cisco unified service monitor 2.2
    cisco unified service monitor 2.3
    cisco unified service monitor 8.0
    cisco unified service monitor 8.5
    cisco security manager 3.3 sp1
    cisco security manager 3.3 -
    cisco security manager 3.3 sp2
    cisco security manager 4.0 -
    cisco security manager 4.0 sp1
    cisco security manager 3.2.2 -
    cisco security manager 3.2.2 sp1
    cisco security manager 3.2.2 sp2
    cisco security manager 3.2.2 sp3
    cisco security manager 3.2.2 sp4
    cisco security manager 4.0.1 -
    cisco security manager 4.0.1 sp1
    cisco security manager 4.1