Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.

Latest announcements
© Copyright Sense of Security

Security Advisory – SOS-11-006 – Cisco Unified Operations Manager Multiple Vulnerabilities

Release Date: 18-May-2011

Last Update:

Vendor Notification Date: 28-Feb-2011

Product: Cisco Unified Operations Manager
Common Services Framework Help Servlet
Common Services Device Center
CiscoWorks Homepage
Note: All of the above products are included by default in CuOM.

Platform: Microsoft Windows

Affected versions: CuOM 8.0 and 8.5 (verified), possibly others.

Severity Rating: Medium – Low

Impact: Database access, cookie and credential theft, impersonation, loss of confidentiality, local file disclosure, information disclosure.

Attack Vector: Remote with authentication

Solution Status: Vendor patch

CVE reference: CVE-2011-0959 (CSCtn61716)
CVE-2011-0960 (CSCtn61716)
CVE-2011-0961 (CSCto12704)
CVE-2011-0962 (CSCto12712)
CVE-2011-0966 (CSCto35577)


Cisco Unified Operations Manager (CuOM) is a NMS for voice developed by Cisco Systems. Operations Manager monitors and evaluates the current status of both the IP communications infrastructure and the underlying transport infrastructure in your network.

Multiple vulnerabilities have been identified in Cisco Unified Operations Manager and associated products. These vulnerabilities include multiple blind SQL injections, multiple XSS’ and a directory traversal vulnerability.

Please refer to the PDF version of this advisory for proof of concept code examples.


Upgrade to CuOM 8.6.

Refer to Cisco Bug IDs: CSCtn61716, CSCto12704, CSCto12712 and CSCto35577 for information on patches and availability of fixes.

Discovered By

Sense of Security Labs.

Our expert consultants are here to help you. For all your Cyber Security needs please contact us today.

No Comments

Sorry, the comment form is closed at this time.