RCE in Cisco Ciscoworks_common_services

CVE-2011-3310

The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Polic…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.273 (96.5th percentile) — read the EPSS interpretation.

Affected products

Cisco Ciscoworks_common_services — versions 2.2, 3.0.5, 3.0.6
Microsoft Windows
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

20111019 CiscoWorks Common Services Arbitrary Command Execution Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
50284 (vdb-entry, x_refsource_BID)
46533 (x_refsource_SECUNIA, third-party-advisory)
ciscoworks-common-services-command-exec(70759) (vdb-entry, x_refsource_XF)