CVE-2010-3036 - Vulnerability Details

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.28398.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco Subscribe	Ciscoworks Common Services Subscribe Ciscoworks Lan Management Solution Subscribe Qos Policy Manager Subscribe Security Manager Subscribe Telepresence Readiness Assessment Manager Subscribe Unified Operations Manager Subscribe Unified Service Monitor Subscribe

Configuration 1 [-]

AND

OR	cpe:2.3:a:cisco:ciscoworks_common_services:3.0.5:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:3.0.6:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:3.1:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:3.1.1:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:3.2:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:3.3:::::::*

OR	cpe:2.3:a:cisco:ciscoworks_lan_management_solution:2.6:update::::::
	cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:::::::*
	cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:december_2007::::::
	cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:::::::*
	cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.2:::::::*
	cpe:2.3:a:cisco:qos_policy_manager:4.0:::::::*
	cpe:2.3:a:cisco:qos_policy_manager:4.0.1:::::::*
	cpe:2.3:a:cisco:qos_policy_manager:4.0.2:::::::*
	cpe:2.3:a:cisco:security_manager:3.0.2:::::::*
	cpe:2.3:a:cisco:security_manager:3.2:::::::*
	cpe:2.3:a:cisco:telepresence_readiness_assessment_manager:1.0:::::::*
	cpe:2.3:a:cisco:unified_operations_manager:2.0.1:::::::*
	cpe:2.3:a:cisco:unified_operations_manager:2.0.2:::::::*
	cpe:2.3:a:cisco:unified_operations_manager:2.0.3:::::::*
	cpe:2.3:a:cisco:unified_service_monitor:2.0.1:::::::*

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://osvdb.org/68927
http://secunia.com/advisories/42011
http://securitytracker.com/id?1024646
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml
http://www.securityfocus.com/bid/44468
http://www.vupen.com/english/advisories/2010/2793

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2010-10-29T18:00:00

Updated: 2024-08-07T02:55:46.619Z

Reserved: 2010-08-17T00:00:00

Link: CVE-2010-3036

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-10-29T19:00:02.013

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-3036

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object