Buffer overflow in Cisco Ciscoworks_common_services

CVE-2010-3036

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug I…

Vulnerability class: Buffer Overflow

EPSS: 0.188 (95.4th percentile) — read the EPSS interpretation.

Affected products

Cisco Ciscoworks_common_services — versions 3.1.1, 3.2, 3.3
Cisco Ciscoworks_lan_management_solution — versions 3.2, 3.0, 3.1
Cisco Qos_policy_manager — versions 4.0.2, 4.0, 4.0.1
Cisco Security_manager — versions 3.2, 3.0.2
Cisco Telepresence_readiness_assessment_manager — versions 1.0
Cisco Unified_operations_manager — versions 2.0.3, 2.0.1, 2.0.2
Cisco Unified_service_monitor — versions 2.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

68927 (x_refsource_OSVDB, vdb-entry)
20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability (x_refsource_CISCO, vendor-advisory, Patch, Vendor Advisory)
1024646 (vdb-entry, x_refsource_SECTRACK)
44468 (Patch, vdb-entry, x_refsource_BID)
42011 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
ADV-2010-2793 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)