Vulnerability CVE-2011-2738


Published: 2011-09-19   Modified: 2012-02-13

Description:
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.

Type:

CWE-noinfo

Vendor: Cisco
Product: Unified Service Monitor
Version:
8.5
8.0
2.3
2.2
2.1
2.0.1
2.0
1.1
Product: Unified Operations Manager
Version:
8.5
8.0
2.3
2.2
2.1
2.0.3
2.0.2
2.0.1
2.0
1.1
1.0
Product: CiscoWorks LAN Management Solution
Version:
4.0.1
4.0
3.2
3.1
3.0
Vendor: EMC
Product: Ionix IP
Version: 8.1.1.1
Product: Ionix ASAM
Version: 3.2.0.2
Product: Ionix ACM
Version: 2.3

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

 References:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml
http://www.securityfocus.com/archive/1/519646/100/0/threaded
http://www.securityfocus.com/bid/49627
http://www.securityfocus.com/bid/49644
http://www.securitytracker.com/id?1026046
http://www.securitytracker.com/id?1026047
http://www.securitytracker.com/id?1026048
http://www.securitytracker.com/id?1026059
https://exchange.xforce.ibmcloud.com/vulnerabilities/69828

Related CVE
CVE-2019-3733
RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentiall...
CVE-2019-3732
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x ...
CVE-2019-3731
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to e...
CVE-2019-3730
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a 'padding oracle attack vulnerability'. A malic...
CVE-2019-3729
RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit ...
CVE-2019-3728
RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerabil...
CVE-2018-15769
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients dur...
CVE-2018-11080
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user t...

Copyright 2019, cxsecurity.com
