The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:30
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/46533 - | |
References | () http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/50284 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/70759 - |
Information
Published : 2011-10-20 00:55
Updated : 2024-11-21 01:30
NVD link : CVE-2011-3310
Mitre link : CVE-2011-3310
CVE.ORG link : CVE-2011-3310
JSON object : View
Products Affected
cisco
- ciscoworks_common_services
microsoft
- windows
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')