Executive Summary
| Summary | |
|---|---|
| Title | Cisco Security Agent Remote Code Execution Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20111026-csa | First vendor Publication | N/A |
| Vendor | Cisco | Last vendor Modification | 2011-10-26 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.4 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cisco Security Agent is affected by vulnerabilities that could allow an unauthenticated attacker to perform remote code execution on the affected device. These vulnerabilities are in a third-party library (Oracle Outside In) and are documented in CERT-CC Vulnerability Note VU#520721 at http://www.kb.cert.org/vuls/id/520721 Cisco has released free software updates that address this vulnerability. No workaround is available to mitigate these vulnerabilities. |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 71970 | Oracle Outside In Technology Outside In Filters Unspecified Local DoS Oracle Outside In Technology contains a flaw related to the Outside In Filters component that may allow a local attacker to cause a denial of service via vectors related to the vswk6.dll and sccut.dll modules handling of Microsoft CAB or .onepkg files. No further details have been provided. |
| 71969 | Oracle Outside In Technology Outside In File ID SDK Unspecified Local DoS Oracle Outside In Technology contains a flaw related to the Outside In File ID SDK component that may allow a local attacker to cause a denial of service via vectors related to the vswk6.dll and sccut.dll modules handling of Lotus 123 files. No further details have been provided. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-10-07 | Name : An archiving application installed on the remote host has multiple vulnerabil... File : symantec_enterprise_vault_sym11-011.nasl - Type : ACT_GATHER_INFO |
