Boletines de Vulnerabilidades

int(5541)

Boletines de Vulnerabilidades

Elevación de privilegios en CiscoWorks Common Services
Clasificación de la vulnerabilidad
Propiedad	Valor
Nivel de Confianza	Oficial
Impacto	Obtener acceso
Dificultad	Experto
Requerimientos del atacante	Acceso remoto sin cuenta a un servicio estandar
Información sobre el sistema
Propiedad	Valor
Fabricante afectado	Networking
Software afectado	Cisco Unified Operations Manager 2.0.1 Cisco Unified Operations Manager 2.0.2 Cisco Unified Operations Manager 2.0.3 Cisco Unified Service Monitor 2.0.1 CiscoWorks QoS Policy Manager 4.0, 4.0.1 y 4.0.2 CiscoWorks LAN Management 2.6 Update CiscoWorks LAN Management 3.0 CiscoWorks LAN Management 3.0 CiscoWorks LAN Management 3.1 CiscoWorks LAN Management 3.2 Cisco Security Manager 3.0.2 Cisco Security Manager 3.1 y 3.1.1 Cisco Security Manager 3.2 Cisco TelePresence Readiness Assessment Manager 1.0
Descripción
CVE-2010-3036: Se ha descubierto una vulnerabilidad en CiscoWorks Common Services. Un atacante remoto podría ejecutar código arbitrario en un dispositivo host con privilegios de administrador mediante métodos no especificados.
Solución
Actualización de software Cisco CiscoWorks Common Services v 4.0 http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=268439477 Cisco CiscoWorks Common Services 3.3 CiscoWorks Common Services 3.1.x CiscoWorks Common Services 3.0.6 http://www.cisco.com/cisco/software/navigator.html?mdfid=268439477&i=rp
Identificadores estándar
Propiedad	Valor
CVE	CVE-2010-3036
BID
Recursos adicionales
Cisco Security Advisory (cisco-sa-20101027) http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml Cisco Security Advisory (cisco-sa-20101027-cs) http://www.cisco.com/warp/public/707/cisco-sa-20101027-cs.shtml