Buffer Overflow Vulnerability in CiscoWorks Common Services Web-Server Module
CVE-2010-3036

Currently unrated

Key Information:

Vendor: Cisco
Status: Ciscoworks Common Services; Ciscoworks Lan Management Solution; Qos Policy Manager; Security Manager
Vendor: CVE Published:; 29 October 2010

Summary

Multiple buffer overflow vulnerabilities exist in the authentication functionality of the web-server module of CiscoWorks Common Services prior to version 4.0. These vulnerabilities allow remote attackers to execute arbitrary code by exploiting sessions on TCP ports 443 and 1741. This can lead to unauthorized access and potential compromise of sensitive data.

References

http://osvdb.org/68927

vdb-entryx_refsource_OSVDB

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

http://securitytracker.com/id?1024646

vdb-entryx_refsource_SECTRACK

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 29, 2010
Vulnerability Reserved
Aug 17, 2010