CVE-2010-0148 - Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allow

CVE-2010-0148

Summary

Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets." Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml Only Cisco Security Agent release 5.2 for Linux, either managed or standalone, are affected by the DoS vulnerability (the Windows version is not affected). The Linux version of standalone agents are installed in the following products: * Cisco Unified Communications Manager (CallManager) * IPCC Express * IP Interactive Voice Response (IP IVR) * Cisco Unified Meeting Place * Cisco Personal Assistant (PA) * Cisco Unity Connection Note: The Sun Solaris version of the Cisco Security Agent is not affected by these vulnerabilities. Only Cisco Security Agent release 5.2 for Linux, either managed or standalone, are affected by the DoS vulnerability. "

References

Vulnerable Configurations

cpe:2.3:a:cisco:security_agent:5.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:security_agent:5.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 17-08-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	38273
cisco	20100217 Multiple Vulnerabilities in Cisco Security Agent
osvdb	62445
sectrack	1023607
secunia	38619
vupen	ADV-2010-0416
xf	cisco-securityagent-tcp-dos(56347)

Last major update

17-08-2017 - 01:31

Published

23-02-2010 - 20:30

Last modified

17-08-2017 - 01:31