Detections
Analytics

Management Center for Cisco Security Agents Remote Code Execution (cisco-sa-20110216-csa)

critical Nessus Plugin ID 69953

Language:

Synopsis

The remote host has an endpoint security application installed that is potentially affected by a remote code execution vulnerability.

Description

According to the version identified on the Management Center for Cisco Agents web interface, the remote host is potentially affected by a remote code execution vulnerability. This is due to the 'webagent.exe' script failing to properly process POST request parameters. A remote, unauthenticated attacker can exploit this issue by creating an arbitrary file with a crafted 'st_upload' request, which the attacker could use to execute arbitrary code on the remote host.

Solution

Upgrade to Cisco Security Agent 6.0.2.145 or later, or apply the workaround specified in the vendor advisory.

See Also

https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20110216-csa.html

Plugin Details

Severity: Critical

ID: 69953

File Name: cisco_csa_management_center_sa20110216.nasl

Version: 1.6

Type: remote

Family: CISCO

Published: 9/18/2013

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:cisco:security_agent

Required KB Items: www/cisco_security_agent

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/16/2011

Vulnerability Publication Date: 2/16/2011

Reference Information

CVE: CVE-2011-0364

BID: 46420

CISCO-SA: cisco-sa-20110216-csa

CISCO-BUG-ID: CSCtj51216