CVE-2010-0138

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

uffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.

References

Link	Resource
http://secunia.com/advisories/38230	Vendor Advisory
http://securitytracker.com/id?1023484
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtml	Vendor Advisory
http://www.securityfocus.com/bid/37879
http://www.vupen.com/english/advisories/2010/0184	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-004/
https://exchange.xforce.ibmcloud.com/vulnerabilities/55768
http://secunia.com/advisories/38230	Vendor Advisory
http://securitytracker.com/id?1023484
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtml	Vendor Advisory
http://www.securityfocus.com/bid/37879
http://www.vupen.com/english/advisories/2010/0184	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-004/
https://exchange.xforce.ibmcloud.com/vulnerabilities/55768

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:ciscoworks_internetwork_performance_monitor::::::::
	cpe:2.3:a:cisco:ciscoworks_internetwork_performance_monitor:2.4:::::::*
	cpe:2.3:a:cisco:ciscoworks_internetwork_performance_monitor:2.5:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:11

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/38230 - Vendor Advisory~~	() http://secunia.com/advisories/38230 - Vendor Advisory
References	~~() http://securitytracker.com/id?1023484 -~~	() http://securitytracker.com/id?1023484 -
References	~~() http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtml - Vendor Advisory~~	() http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtml - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/37879 -~~	() http://www.securityfocus.com/bid/37879 -
References	~~() http://www.vupen.com/english/advisories/2010/0184 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2010/0184 - Vendor Advisory
References	~~() http://www.zerodayinitiative.com/advisories/ZDI-10-004/ -~~	() http://www.zerodayinitiative.com/advisories/ZDI-10-004/ -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/55768 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/55768 -

Information

Published : 2010-01-21 22:30

Updated : 2025-04-11 00:51

NVD link : CVE-2010-0138

Mitre link : CVE-2010-0138

CVE.ORG link : CVE-2010-0138

JSON object : View

Products Affected

cisco

ciscoworks_internetwork_performance_monitor

microsoft

windows

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

10.0 /10