Vulnerability CVE-2007-1257
Published: 2007-03-03   Modified: 2012-02-12

Description:
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cisco -> Catalyst 6000 ws-svc-nam-1 
Cisco -> Catalyst 6000 ws-svc-nam-2 
Cisco -> Catalyst 6000 ws-x6380-nam 
Cisco -> Catalyst 6500 ws-svc-nam-1 
Cisco -> Catalyst 6500 ws-svc-nam-2 
Cisco -> Catalyst 6500 ws-x6380-nam 
Cisco -> Catalyst 7600 ws-svc-nam-1 
Cisco -> Catalyst 7600 ws-svc-nam-2 
Cisco -> Catalyst 7600 ws-x6380-nam 
Cisco -> Network analysis module 

 References:
http://www.kb.cert.org/vuls/id/472412
http://xforce.iss.net/xforce/xfdb/32750
http://www.vupen.com/english/advisories/2007/0783
http://www.securitytracker.com/id?1017710
http://www.securityfocus.com/bid/22751
http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml
http://secunia.com/advisories/24344
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5188
http://osvdb.org/33066
Copyright 2024, cxsecurity.com

 

Back to Top