PT-2011-2293 · Cisco · Cisco Security Agent

Gerry Eisenhaur

Publicado

2011-02-16

Atualizado

2018-10-10

CVE-2011-0364

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Security Agent versions 5.1 through 6.0 before 6.0.2.145 Cisco Security Agent version 6.0 before 6.0.2.145

Description The issue allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted "st upload" request.

Recommendations For Cisco Security Agent versions 5.1 through 6.0 before 6.0.2.145, update to version 6.0.2.145 or later to resolve the issue. For Cisco Security Agent version 6.0 before 6.0.2.145, update to version 6.0.2.145 or later to resolve the issue.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2011-0364

ZDI-11-088

Produtos afetados

Cisco Security Agent

PT-2011-2293 · Cisco · Cisco Security Agent

CVE-2011-0364

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15