CVE-2010-3040Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Intelligent Contact Manager

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
25.6%
top 3.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Intelligent Contact Manager
Timeline
PublishedNov 9
Latest updateMay 17

Description

Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDcisco/intelligent_contact_manager6.0\(0\)a\(1\)+26

🔴Vulnerability Details

2
GHSA
GHSA-p53c-r56g-jhh5: Multiple stack-based buffer overflows in agent2022-05-17
CVEList
CVE-2010-3040: Multiple stack-based buffer overflows in agent2010-11-09
CVE-2010-3040 — Cisco vulnerability | cvebase