Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-3040

Опубликовано: 09 нояб. 2010
Источник: nvd
CVSS2: 10
EPSS Средний

Описание

Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164.

Комментарий

Per: http://tools.cisco.com/security/center/viewAlert.x?alertId=21726

'Cisco has confirmed this vulnerability in software release notes; however, software updates are not available.'

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:intelligent_contact_manager:*:*:*:*:*:*:*:*
Версия до 6.0\(0\)a\(1\) (включая)
cpe:2.3:a:cisco:intelligent_contact_manager:5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:5.0\(0\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:5.0\(0\)_sr2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:5.0\(0\)_sr3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:5.0\(0\)_sr4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:5.0\(0\)_sr5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:5.0\(0\)_sr7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:5.0\(0\)_sr8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:5.0\(0\)_sr9:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:5.0\(0\)_sr10:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:5.0\(0\)_sr11:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:5.0\(0\)_sr12:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:5.0\(0\)_sr13:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:5.0\(0\)a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:6.0\(0\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:6.0\(0\)_sr1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:6.0\(0\)_sr2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:6.0\(0\)_sr3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:6.0\(0\)_sr4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:6.0\(0\)_sr5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:6.0\(0\)_sr6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:6.0\(0\)_sr7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:6.0\(0\)_sr8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:6.0\(0\)_sr9:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:6.0\(0\)_sr10:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intelligent_contact_manager:6.0\(0\)a:*:*:*:*:*:*:*

EPSS

Процентиль: 96%
0.25557
Средний

10 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

github логотип

GHSA-p53c-r56g-jhh5

github
больше 3 лет назад

Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164.

EPSS

Процентиль: 96%
0.25557
Средний

10 Critical

CVSS2

Дефекты

CWE-119