Cisco Linksys WMB54G Remote Command Injection Vulnerability

Cisco Linksys WMB54G Remote Command Injection Vulnerability

Release date:
Updated on:

Affected Systems:
Cisco Linksys WMB54G 1.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54615

CiscoWorks Common Services is a group of management Services that CiscoWorks centrally manages application sharing.

When the CiscoWorks Home Page component runs the firmware update function, the TFTP service does not correctly verify the input. The implementation has a remote command injection vulnerability, the remote authenticated attacker sends a specially crafted URL to the affected system through the default Management port TCP port 1741 or 443. After successful exploitation, attackers can execute arbitrary commands with the current user permission. This vulnerability only affects general CiscoWorks services running on Microsoft Windows.

<* Source: Craig

Link: http://www.devttys0.com/2012/07/hacking-the-linksys-wmb54g/
Http://secunia.com/advisories/49868/
Http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20111019-cs) and patches for this:

Cisco-sa-20111019-cs: CiscoWorks Common Services Arbitrary Command Execution Vulnerability

Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs