Description
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.
Affected products
- Cisco / security_agent5.1 – 5.1
- Cisco / security_agent5.2 – 5.2
- Cisco / security_agent6.0 – 6.0
References
- MISChttp://securityreason.com/securityalert/8197
- VENDOR_ADVISORYhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml
- MISChttp://www.securitytracker.com/id?1025088
- VENDOR_ADVISORYhttp://www.zerodayinitiative.com/advisories/ZDI-11-088
- MISChttp://www.securityfocus.com/archive/1/516505/100/0/threaded
- MISChttp://securityreason.com/securityalert/8205
- VENDOR_ADVISORYhttp://secunia.com/advisories/43383
- MISChttp://securityreason.com/securityalert/8095
- MISChttp://www.securityfocus.com/bid/46420
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0424
- VENDOR_ADVISORYhttp://secunia.com/advisories/43393
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/65436