Skip to main content

Cisco Security Agent "st_upload" Remote File Creation Vulnerability

Last Update Date: 25 Feb 2011 Release Date: 18 Feb 2011 6452 Views

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability has been identified in Cisco Security Agent, which could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by an input validation error in the "webagent.exe" component when processing "st_upload" POST requests, which could be exploited by remote unauthenticated attackers to create a malicious file on an affected web server and execute arbitrary code with SYSTEM privileges.


Impact

  • Remote Code Execution

System / Technologies affected

  • Cisco Security Agent version 5.1
  • Cisco Security Agent version 5.2
  • Cisco Security Agent version 6.0

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 

  • Upgrade to Cisco Security Agent version 6.0.2.145 :

http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278065206


Vulnerability Identifier


Source


Related Link