CVE-2008-3820 — Improper Authentication in Cisco Security Manager

CWE-287 — Improper Authentication4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

1.0%

top 23.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Security Manager

Timeline

PublishedJan 22

Latest updateMay 2

Description

Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/security_manager4 versions+3

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-fr66-q3h8-gpgg: Cisco Security Manager 3↗2022-05-02

▶

CVEList

CVE-2008-3820: Cisco Security Manager 3↗2009-01-22

▶

📋Vendor Advisories

Cisco

Cisco Security Manager Vulnerability↗2009-01-21

▶