PT-2011-2293 · Cisco · Cisco Security Agent

Gerry Eisenhaur

Published

2011-02-16

Updated

2018-10-10

CVE-2011-0364

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Security Agent versions 5.1 through 6.0 before 6.0.2.145 Cisco Security Agent version 6.0 before 6.0.2.145

Description The issue allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted "st upload" request.

Recommendations For Cisco Security Agent versions 5.1 through 6.0 before 6.0.2.145, update to version 6.0.2.145 or later to resolve the issue. For Cisco Security Agent version 6.0 before 6.0.2.145, update to version 6.0.2.145 or later to resolve the issue.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2011-0364

ZDI-11-088

Affected Products

Cisco Security Agent

PT-2011-2293 · Cisco · Cisco Security Agent

CVE-2011-0364

Weakness Enumeration

Related Identifiers

Affected Products

References · 15