CVE-2011-2738
published 2011-09-19


Priority: P260, critical, 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 10.96% (95.3th percentile)
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.

Affected

28 ranges · showing 25

Vendor  Product                             Version range  Fixed in
cisco   ciscoworks_lan_management_solution
cisco   ciscoworks_lan_management_solution
cisco   ciscoworks_lan_management_solution
cisco   ciscoworks_lan_management_solution
cisco   ciscoworks_lan_management_solution
cisco   unified_operations_manager          <= 8.5
cisco   unified_operations_manager
cisco   unified_operations_manager
cisco   unified_operations_manager
cisco   unified_operations_manager
cisco   unified_operations_manager
cisco   unified_operations_manager
cisco   unified_operations_manager
cisco   unified_operations_manager
cisco   unified_operations_manager
cisco   unified_operations_manager
cisco   unified_service_monitor             <= 8.5
cisco   unified_service_monitor
cisco   unified_service_monitor
cisco   unified_service_monitor
cisco   unified_service_monitor
cisco   unified_service_monitor
cisco   unified_service_monitor
cisco   unified_service_monitor
cisco   unified_service_monitor_and_cisco_unified_operations_manager

Detection & IOCs (extracted from sources)

Port: TCP/9002
  • Monitor for crafted/anomalous packets to TCP port 9002 targeting Cisco Unified Service Monitor, Unified Operations Manager, or EMC Ionix products — exploitation triggers a buffer overflow enabling remote code execution without authentication.
  • Unauthenticated remote exploitation — no credentials required; any external connection to TCP/9002 on affected hosts should be treated as suspicious.
  • Vulnerability affects multiple product lines and versions; scope includes Cisco Unified Service Monitor <8.6, Unified Operations Manager <8.6, CiscoWorks LAN Management Solution 3.x/4.x <4.1, and multiple EMC Ionix products (ACM ≤2.3, ASAM ≤3.2.0.2, IP ≤8.1.1.1, and others). Ensure detection coverage spans all affected deployments.
  • Vulnerabilities are described as 'unspecified' — no packet-level details or PoC are publicly documented, limiting signature-based detection to port/protocol anomaly detection rather than payload matching.