Summary

• CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.

  Cisco has released software updates that address this vulnerability.

  There are no workarounds that mitigate this vulnerability.

  This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs.
  
  Note: Effective October 18, 2011, Cisco moved the current list of Cisco Security Advisories and Responses published by Cisco PSIRT. The new location is https://sec.cloudapps.cisco.com/security/center/publicationListing. You can also navigate to this page from the Cisco Products and Services menu of the Cisco Security (SIO) Portal. Following this transition, new Cisco Security Advisories and Responses will be published to the new location. Although the URL has changed, the content of security documents and the vulnerability policy are not impacted. Cisco will continue to disclose security vulnerabilities in accordance with the published Security Vulnerability Policy.

Affected Products

• Vulnerable Products

  This vulnerability affects all versions of CiscoWorks Common Services-based products running on Microsoft Windows

  Common Services version 4.1 and later are not affected by this vulnerability.

  The following CiscoWorks products with the default Common Services installed are affected by this vulnerability, due to their underlying Common Services version:

  • CiscoWorks LAN Management Solution
    
    

    LAN Management Solution Versions	Common Services Versions
    Prior to 3.2 on Microsoft Windows	Various
    3.2 on Microsoft Windows	3.3
    3.2.1 on Microsoft Windows	3.3.1
    4.0 on Microsoft Windows	4.0
    4.0.1 on Microsoft Windows	4.0.1

    Note: CiscoWorks LAN Management Solution versions prior to 3.2 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of CiscoWorks LAN Management Solution.

  • Cisco Security Manager
    
    

    Security Manager Versions	Common Services Versions
    Prior to 3.2	Various
    3.2, 3.2 SP1, 3.2 SP2	3.1
    3.2.1, 3.2.1 SP1	3.1.1
    3.2.2, 3.2.2 SP1, 3.2.2 SP2, 3.2.2 SP3, 3.2.2 SP4	3.2
    3.3, 3.3 SP1, 3.3 SP2	3.2
    3.3.1, 3.3.1 SP1, 3.3.1 SP2, 3.3.1 SP3	3.2
    4.0, 4.0 SP1	3.3
    4.0.1, 4.0.1 SP1	3.3
    4.1	3.3

    Note: Cisco Security Manager versions prior to 3.2 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Security Manager.

  • Cisco Unified Operations Manager
    
    

    Unified Operations Manager Versions	Common Services Versions
    Prior 2.3	Various
    2.3	3.2
    8.0	4.0
    8.5	4.0

    Note: Cisco Unified Operations Manager versions prior to 2.3 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Unified Operations Manager.

  • Cisco Unified Service Monitor
    
    

    Unified Operations Monitor Versions	Common Services Versions
    Prior to 2.2	Various
    2.2	3.2
    2.3	3.2
    8.0	4.0
    8.5	4.0

    Note: Cisco Unified Service Monitor versions prior to 2.2 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Unified Service Monitor.

  • CiscoWorks Quality of Service Policy Manager
    
    

    Quality of Service Policy Manager Versions	Common Services Versions
    Prior to 4.1 on Microsoft Windows	Various
    4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6 on Microsoft Windows	3.2

    Note: CiscoWorks Quality of Service (QoS) Policy Manager versions prior to 4.1 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of CiscoWorks QoS Policy Manager.

  • CiscoWorks Voice Manager
    
    

    Voice Manager Versions	Common Services Versions
    Prior to 3.0 on Microsoft Windows	Various
    3.0 on Microsoft Windows	3.0.2
    3.1 on Microsoft Windows	3.0.2
    3.2 on Microsoft Windows	3.3

    Note: CiscoWorks Voice Manager versions prior to 3.0 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of CiscoWorks Voice Manager.

  
  

  Products Confirmed Not Vulnerable

  All versions of CiscoWorks Common Services-based products running on Solaris are not affected by this vulnerability.

  CiscoWorks Common Services versions 4.1 and later are not affected by this vulnerability.

  The following products are also confirmed not vulnerable:

  • Cisco Prime LAN Management Solution versions 4.1 and later
  • Cisco Security Manager versions 4.2 and later
  • Cisco Unified Operations Manager 8.6 and later
  • Cisco Unified Service Monitor 8.6 and later
  • Any version of CiscoWorks LAN Management Solution running on Solaris
  • Any version of CiscoWorks QoS Policy Manager running on Solaris
  • Any version of CiscoWorks Voice Manager running on Solaris

  No other Cisco products are currently known to be affected by this vulnerability.

Details

• CiscoWorks Common Services is a set of management services that are shared by network management applications in a CiscoWorks solution set.

  CiscoWorks Common Services provides the foundation for CiscoWorks applications to share a common model for data storage, login, user role definitions, access privileges, security protocols, and navigation. It creates a standard user experience for all management functions. It also provides the common framework for all basic system level operations such as installation, data management (including backup-restoration and importing-exporting), event and message handling, job and process management, and software updates.

  CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.
  
  The vulnerability is due to improper input validation in the CiscoWorks Home Page component. An attacker could exploit this vulnerability by sending a specially crafted URL to the affected system. An exploit could allow the attacker to execute arbitrary commands on the affected system with the privileges of a system administrator.

  This vulnerability affects CiscoWorks Common Services running only on Microsoft Windows.

  This vulnerability could be exploited over the default management ports, TCP port 1741 or 443.

  Note: The default management ports can be reconfigured on the server.

  This vulnerability is documented in Cisco bug IDs CSCtq48990 (registered customers only) for Common Services and CiscoWorks LAN Management Solution, CSCtq63992 (registered customers only) for Cisco Security Manager, CSCtq64011 (registered customers only) for Cisco Unified Service Monitor, CSCtq64019 (registered customers only) for Cisco Unified Operations Manager, CSCtr23090 (registered customers only) for CiscoWorks QoS Policy Manager, and CSCtt25535 (registered customers only) for CiscoWorks Voice Manager.
  
  This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3310.

Workarounds

• There are no workarounds for this vulnerability.

Fixed Software

• Cisco has released software updates that address this vulnerability. Prior to deploying software updates, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

  This vulnerability has been resolved in Common Services version 4.1.

  The following tables report the remediation for each affected product and version:

  • CiscoWorks LAN Management Solution
    
    

    LMS Version	Remediation	Location
    3.2	cwcs33-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/type.html?mdfid=282641053&flowid=5150
    3.2.1	cwcs331-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/type.html?mdfid=282641053&flowid=5150
    4.0	LMS40-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/type.html?mdfid=283434800&flowid=19062
    4.0.1	LMS401-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/type.html?mdfid=283434800&flowid=19062

  • Cisco Security Manager
    
    

    CSM Version	Remediation	Location
    3.2. 3.2 SP1, 3.2 SP2	Upgrade to 3.3.1 SP4	-
    3.2.1, 3.2.1 SP1	Upgrade to 3.3.1 SP4	-
    3.2.2, 3.2.2 SP1, 3.2.2 SP2, 3.2.2 SP3, 3.2.2 SP4	Upgrade to 3.3.1 SP4	-
    3.3, 3.3 SP1, 3.3 SP2	Upgrade to 3.3.1 SP4	-
    3.3.1, 3.3.1 SP1, 3.3.1 SP2, 3.3.1 SP3	3.3.1 SP4	http://www.cisco.com/cisco/software/type.html?mdfid=280033778
    4.0, 4.0 SP1	Upgrade to 4.0.1 SP2	-
    4.0.1, 4.0.1 SP1	4.0.1 SP2	http://www.cisco.com/cisco/software/type.html?mdfid=280033778
    4.1	4.1 SP1	http://www.cisco.com/cisco/software/type.html?mdfid=280033778

  • Cisco Unified Operations Manager
    
    

    CUOM Version	Remediation	Location
    2.2	cwcs32-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/type.html?mdfid=282214601&flowid=5149
    2.3	cwcs32-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/type.html?mdfid=282214601&flowid=5149
    8.0	CUOM8.0-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/release.html?mdfid=283112898&flowid=20421&softwareid=282790483
    8.5	CUOM8.5-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/release.html?mdfid=283749793&flowid=24321&softwareid=282790483

  • Cisco Unified Service Monitor
    
    

    CUSM Version	Remediation	Location
    2.2	cwcs32-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/type.html?mdfid=282214601&flowid=5149
    2.3	cwcs32-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/type.html?mdfid=282214601&flowid=5149
    8.0	CUSM8.0-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/release.html?mdfid=283315738&flowid=20461&softwareid=282773198
    8.5	CUSM8.5-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/release.html?mdfid=283749795&flowid=24323&softwareid=282801893

  • CiscoWorks QoS Policy Manager
    
    

    QPM Version	Remediation	Location
    4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6	cwcs32-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/type.html?mdfid=282214601&flowid=5149

  • CiscoWorks Voice Manager
    
    

    CWVM Version	Remediation	Location
    3.0 and 3.1	Upgrade to 3.2 and apply the patch	-
    3.2	cwcs33-win-Oct2011-su1-0.zip	http://www.cisco.com/cisco/software/type.html?mdfid=282641053&flowid=5150

  When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

  In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.

  
  

Exploitation and Public Announcements

• The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.

  This vulnerability was reported to Cisco by Noam Rathaus from Beyond Security.

URL

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs

Revision History

• Revision 1.0	2011-October-19	Initial public release

  Show Less