Name: CiscoWorks Arbitrary Code Execution Vulnerability
Release Date: 28 May 2008
Discovered by: Dave Lewis
CVE Number: CVE-2008-2054
Vendor: Cisco Systems
Systems Affected: CiscoWorks Common Services (various versions): Cisco Unified Operations Manager (CUOM), Cisco Unified Service Monitor (CUSM), CiscoWorks QoS Policy Manager (QPM), CiscoWorks LAN Management Solution (LMS), Cisco Security Manager (CSM), Cisco TelePresence Readiness Assessment Manager (CTRAM)
Status: Published (Vendor Confirmed, Patch Available)
CiscoWorks Common Services versions 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1, and 3.1.1 contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with elevated privileges.
The flaw is an unspecified error in CiscoWorks Common Services, the shared management framework bundled with each of the products listed above, which is why those products are affected even though the defect is not in their own code. An unauthenticated, remote attacker could exploit it to execute arbitrary code, resulting in complete compromise of the management host.
Impact: Arbitrary code execution with elevated privileges. Fire bad.
Discovered: 14 February 2008
Reported: 14 February 2008
Fixed: 22 April 2008
Patch Release: 28 May 2008
Published: 28 May 2008
The vulnerability exists due to an unspecified error in CiscoWorks Common Services when it processes attacker-supplied URLs. An unauthenticated, remote attacker could exploit it by submitting a crafted URL; the exact trigger is not disclosed. Successful exploitation results in arbitrary code execution with elevated privileges.
This issue has now been resolved.
The patch may be obtained from:
I would like to thank Cisco for their professional response to this issue.
Liquidmatrix Security Digest
2255B Queen Street East