CVE-2011-0364

Published: Feb 19, 2011Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.

Affected (3)

Products: Cisco: Security Agent

Cisco

1 product

Security Agent

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cisco Security Agent	Version 5.1
Cisco Security Agent	Version 5.2
Cisco Security Agent	Version 6.0

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (24)

http://secunia.com/advisories/43383

Source: psirt@cisco.com

Vendor Advisory

http://secunia.com/advisories/43393

Source: psirt@cisco.com

Vendor Advisory

http://securityreason.com/securityalert/8095

Source: psirt@cisco.com

http://securityreason.com/securityalert/8197

Source: psirt@cisco.com

http://securityreason.com/securityalert/8205

Source: psirt@cisco.com

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/archive/1/516505/100/0/threaded

Source: psirt@cisco.com

http://www.securityfocus.com/bid/46420

Source: psirt@cisco.com

http://www.securitytracker.com/id?1025088

Source: psirt@cisco.com

http://www.vupen.com/english/advisories/2011/0424

Source: psirt@cisco.com

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-11-088

Source: psirt@cisco.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/65436

Source: psirt@cisco.com

http://secunia.com/advisories/43383