CVE-2010-0138
🟠 Łataj w tym tygodniu
Przepełnienie bufora w CiscoWorks IPM umożliwia zdalne wykonanie kodu.
CVSS
10.0
EPSS
10.9%
Exploit
none
Vendor
cisco
Opis źródłowy (NVD)
Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.
buffer-overflow
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 10.0 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 10.9% |
| Opublikowano (NVD) | 2010-01-21 22:30:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-29 01:13:23 UTC |
Referencje
- http://secunia.com/advisories/38230 (psirt@cisco.com) [Vendor Advisory]
- http://securitytracker.com/id?1023484 (psirt@cisco.com)
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtml (psirt@cisco.com) [Vendor Advisory]
- http://www.securityfocus.com/bid/37879 (psirt@cisco.com)
- http://www.vupen.com/english/advisories/2010/0184 (psirt@cisco.com) [Vendor Advisory]
- http://www.zerodayinitiative.com/advisories/ZDI-10-004/ (psirt@cisco.com)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55768 (psirt@cisco.com)