Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Multiple Vulnerabilities in Cisco Security Agent

cisco-sa-20100217-csa · Critical · Published · Updated

The Management Center for Cisco Security Agents is affected by a directory traversal vulnerability and a SQL injection vulnerability. Successful exploitation of the directory traversal vulnerability may allow an authenticated attacker to view and download arbitrary files from the server hosting the Management Center. Successful exploitation of the SQL injection vulnerability may allow an authenticated attacker to execute SQL statements that can cause instability of the product or changes in the configuration. Additionally, the Cisco Security Agent is affected by a denial of service (DoS) vulnerability. Successful exploitation of the Cisco Security Agent agent DoS vulnerability may cause the affected system to crash. Repeated exploitation could result in a sustained DoS condition. These vulnerabilities are independent of each other. Cisco has released software updates that address these vulnerabilities. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100217-csa.

Cisco advisory · CSAF JSON

Workarounds

No workaround information imported yet.

CVEs: CVE-2010-0146, CVE-2010-0147, CVE-2010-0148
Cisco Bug IDs: NA
CVSS Score: Base 6.8
Base 6.8 AV:N/AC:L/Au:S/C:C/I:N/A:N/E:H/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Base 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Base 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source
Cisco Intelligent Contact Manager (ICM), Cisco Unity, Cisco Emergency Responder, Cisco Conference Connection, Cisco Personal Assistant, Cisco Internet Service Node (ISN), Cisco Unified Contact Center, Cisco Secure Access Control Server Solution Engine (ACSE), Cisco Security Agent, Cisco Unified MeetingPlace, Cisco Unified Customer Voice Portal (CVP), Cisco Unified IP IVR, Cisco IP Queue Manager, Cisco Unity Bridge, Cisco Unity Connection, Cisco Security Manager, Cisco Unified Communications Manager, Cisco Unified Contact Center Express

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Unity Connection | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Unity Connection | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Unity Connection | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Unity Bridge | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Unity Bridge | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Unity Bridge | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Unity | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Unity | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Unity | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Unified MeetingPlace | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Unified MeetingPlace | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Unified MeetingPlace | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Unified IP IVR | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Unified IP IVR | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Unified IP IVR | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Unified Customer Voice Portal (CVP) | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Unified Customer Voice Portal (CVP) | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Unified Customer Voice Portal (CVP) | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Unified Contact Center Express | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Unified Contact Center Express | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Unified Contact Center Express | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Unified Contact Center | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Unified Contact Center | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Unified Contact Center | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Unified Communications Manager | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Unified Communications Manager | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Unified Communications Manager | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Security Manager | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Security Manager | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Security Manager | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Security Agent | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Security Agent | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Security Agent | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Secure Access Control Server Solution Engine (ACSE) | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Secure Access Control Server Solution Engine (ACSE) | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Secure Access Control Server Solution Engine (ACSE) | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Personal Assistant | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Personal Assistant | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Personal Assistant | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Internet Service Node (ISN) | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Internet Service Node (ISN) | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Internet Service Node (ISN) | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Intelligent Contact Manager (ICM) | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Intelligent Contact Manager (ICM) | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Intelligent Contact Manager (ICM) | CVE-2010-0146 | Cisco OpenVuln |
| Cisco IP Queue Manager | CVE-2010-0148 | Cisco OpenVuln |
| Cisco IP Queue Manager | CVE-2010-0147 | Cisco OpenVuln |
| Cisco IP Queue Manager | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Emergency Responder | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Emergency Responder | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Emergency Responder | CVE-2010-0146 | Cisco OpenVuln |
| Cisco Conference Connection | CVE-2010-0148 | Cisco OpenVuln |
| Cisco Conference Connection | CVE-2010-0147 | Cisco OpenVuln |
| Cisco Conference Connection | CVE-2010-0146 | Cisco OpenVuln |