CVE-2010-3036

CWE-119 — Buffer Overflow CWE-94 — Code Injection4 documents4 sources

Severity

10.0CRITICAL

EPSS

18.8%

top 4.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Ciscoworks Common Services Cisco Ciscoworks LAN Management Solution Cisco QOS Policy Manager +4 more

Timeline

PublishedOct 29

Latest updateMay 17

Description

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages7 packages

▶NVDcisco/ciscoworks_common_services6 versions+5

▶NVDcisco/ciscoworks_lan_management_solution4 versions+3

▶NVDcisco/security_manager3.0.2, 3.2+1

▶NVDcisco/qos_policy_manager4.0, 4.0.1, 4.0.2+2

▶NVDcisco/unified_service_monitor2.0.1

Patches

Patch: www.cisco.com ↗Patch: www.securityfocus.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-36rh-2x2f-hxh9: Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4↗2022-05-17

▶

CVEList

CVE-2010-3036: Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4↗2010-10-29

▶

📋Vendor Advisories

Cisco

CiscoWorks Common Services Arbitrary Code Execution Vulnerability↗2010-10-27

▶