Stack-Based Buffer Overflow in Cisco Intelligent Contact Manager Prior to Version 7.0
CVE-2010-3040

Currently unrated

Key Information:

Vendor: Cisco
Status: Intelligent Contact Manager
Vendor: CVE Published:; 9 November 2010

What is CVE-2010-3040?

Multiple stack-based buffer overflow vulnerabilities exist in the agent.exe component of the Setup Manager in Cisco Intelligent Contact Manager (ICM) prior to version 7.0. These vulnerabilities allow remote attackers to execute arbitrary code by sending specially crafted TCP packets with overly long parameters. The impacted functions include HandleUpgradeAll, AgentUpgrade, HandleQueryNodeInfoReq, and HandleUpgradeTrace, which may lead to system compromise if exploited.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-233/

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-10-234/

x_refsource_MISC

http://securitytracker.com/id?1024693

vdb-entryx_refsource_SECTRACK

EPSS Score

25% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 9, 2010