Vulnerability CVE-2011-2738


Published: 2011-09-19   Modified: 2012-02-13

Description:
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.

Type:

CWE-noinfo

Vendor: Cisco
Product: Unified service monitor 
Version:
8.5
8.0
2.3
2.2
2.1
2.0.1
2.0
1.1
Product: Unified operations manager 
Version:
8.5
8.0
2.3
2.2
2.1
2.0.3
2.0.2
2.0.1
2.0
1.1
1.0
Product: Ciscoworks lan management solution 
Version:
4.0.1
4.0
3.2
3.1
3.0
Vendor: EMC
Product: Ionix ip 
Version: 8.1.1.1;
Product: Ionix asam 
Version: 3.2.0.2;
Product: Ionix acm 
Version: 2.3;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml
http://www.securityfocus.com/archive/1/519646/100/0/threaded
http://www.securityfocus.com/bid/49627
http://www.securityfocus.com/bid/49644
http://www.securitytracker.com/id?1026046
http://www.securitytracker.com/id?1026047
http://www.securitytracker.com/id?1026048
http://www.securitytracker.com/id?1026059
https://exchange.xforce.ibmcloud.com/vulnerabilities/69828

Related CVE
CVE-2018-15769
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients dur...
CVE-2018-11080
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user t...
CVE-2018-11079
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration...
CVE-2018-15764
Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitr...
CVE-2018-11058
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote att...
CVE-2018-11070
RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover ...
CVE-2018-11069
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
CVE-2018-11068
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.

Copyright 2019, cxsecurity.com

 

Back to Top