Buffer Overflow in CiscoWorks Internetwork Performance Monitor on Windows
CVE-2010-0138

Currently unrated

Key Information:

Vendor: Cisco
Status: Ciscoworks Internetwork Performance Monitor
Vendor: CVE Published:; 21 January 2010

What is CVE-2010-0138?

The vulnerability is a buffer overflow issue found in CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier versions. This weakness allows attackers to exploit a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, leading to the potential execution of arbitrary code on vulnerable devices. This issue is closely linked to a third-party component and has been assigned Bug ID CSCsv62350.

References

http://www.vupen.com/english/advisories/2010/0184

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/38230

third-party-advisoryx_refsource_SECUNIA

http://securitytracker.com/id?1023484

vdb-entryx_refsource_SECTRACK

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2010
Vulnerability Reserved
Jan 4, 2010