CVE-2010-0589 — Improper Input Validation in Cisco Secure Desktop

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

1.6%

top 18.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Desktop

Timeline

PublishedApr 15

Latest updateMay 2

Description

The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/secure_desktop3.5+11

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-rrfm-4fhv-2623: The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3↗2022-05-02

▶

CVEList

CVE-2010-0589: The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3↗2010-04-15

▶