CVE-2011-3310

Published Oct 20, 2011

Last updated a month ago

CVSS info 9.0

Overview

Description: The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.
Source: psirt@cisco.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F01A8CAF-9C03-443F-B544-66E664B5EAEF",
            "versionEndIncluding": "4.0.1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88AD3EC2-36B1-4E34-BD7F-B1D02B32178A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CC9C408-0BE2-45A6-ACB3-B9EBB22BC773"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "499CD64C-8692-4BE7-8F5E-5964ACDA1972"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2152A29-7074-4659-AA8A-BB3E793ED4A6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "518309CD-F453-4B0B-8C1D-E534CE0E336B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22DE1462-59AC-40BE-89DF-AB43CA3EC7BE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References