CVE-2010-3036
published 2010-10-29CVE-2010-3036: Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to…
PriorityP258critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.99%
92.4th percentile
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_lan_management_solution | — | — |
| cisco | ciscoworks_lan_management_solution | — | — |
| cisco | ciscoworks_lan_management_solution | — | — |
| cisco | ciscoworks_lan_management_solution | — | — |
| cisco | qos_policy_manager | — | — |
| cisco | qos_policy_manager | — | — |
| cisco | qos_policy_manager | — | — |
| cisco | security_manager | — | — |
| cisco | security_manager | — | — |
| cisco | telepresence_readiness_assessment_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_service_monitor | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated remote buffer overflow attempts against the CiscoWorks Common Services web-server module on TCP ports 443 and 1741, particularly during the authentication phase. ↗
- →The vulnerability is exploitable by a remote unauthenticated attacker; any pre-authentication traffic to these ports from unexpected or external sources should be treated as suspicious. ↗
- →Track Cisco Bug ID CSCti41352 as the canonical identifier for this vulnerability when correlating vendor advisories or patch status. ↗
- ·No workarounds exist that fully mitigate this vulnerability; only attack surface reduction mitigations are available. Patching to CiscoWorks Common Services 4.0 or later is required. ↗
- ·The vulnerability affects CiscoWorks Common Services on both Oracle Solaris and Microsoft Windows platforms, so detection and patching efforts must cover both OS environments. ↗
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
CiscoWorks Common Services Arbitrary Code Execution Vulnerability
vendor_cisco·2010-10-27·CVSS 10.0
CVE-2010-3036 [CRITICAL] CWE-94 CiscoWorks Common Services Arbitrary Code Execution Vulnerability
CiscoWorks Common Services Arbitrary Code Execution Vulnerability
CiscoWorks Common Services for both Oracle Solaris and Microsoft
Windows contains a vulnerability that could allow a remote unauthenticated
attacker to execute arbitrary code on a host device with privileges of a system
administrator.
Cisco has released software updates that address this vulnerability.
There are no workarounds that mitigate this vulnerability. Mitigations
that limit the attack surface of this vulnerability are available.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20101027-cs.
Cisco
CiscoWorks Common Services Arbitrary Code Execution Vulnerability
vendor_cisco
CVE-2010-3036 CiscoWorks Common Services Arbitrary Code Execution Vulnerability
CVE-2010-3036: CiscoWorks Common Services Arbitrary Code Execution Vulnerability
CiscoWorks Common Services for both Oracle Solaris and Microsoft Windows contains a vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code on a host device with privileges of a system administrator. Cisco has released software updates that address this vulnerability. There are no
CWE: CWE-94, CWE-94
Bug IDs: CSCti41352, CSCti41352, CSCti41352, CSCti41352, CSCti41352
GHSA
GHSA-36rh-2x2f-hxh9: Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4
ghsa_unreviewed·2022-05-17
CVE-2010-3036 [HIGH] CWE-119 GHSA-36rh-2x2f-hxh9: Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/68927http://secunia.com/advisories/42011http://securitytracker.com/id?1024646http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtmlhttp://www.securityfocus.com/bid/44468http://www.vupen.com/english/advisories/2010/2793http://osvdb.org/68927http://secunia.com/advisories/42011http://securitytracker.com/id?1024646http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtmlhttp://www.securityfocus.com/bid/44468http://www.vupen.com/english/advisories/2010/2793
2010-10-29
Published