CiscoWorks Remote Command Shell?

A vulnerability has been reported in CiscoWorks Internetwork Performance Monitor.   The vulnerability appears to be the result of a command shell bound to a random port. The could be exploited  to execute commands on the system. Cisco has released patch IPM version 2.6 CSCsj06260.

A cross site scripting vulnerability has been reported in Nagios. From the description, it appears to be a reflective XSS, but further information is unavailable at this time. We also do not have the input fields that are vulnerable.  Versions prior to 2.11 are vulnerable. Please apply version 2.11 if you are running Nagios.

1 thought on “CiscoWorks Remote Command Shell?

  1. Pingback: MSI :: State of Security » An Ouchie for “The Self Defending Network”

Leave a Reply