Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Security Agent multiple security vulnerabilities
Published:22.02.2010
Source:
SecurityVulns ID:10638
Type:remote
Threat Level:
6/10
Description:Directpry traversal, SQL injection, DoS.
Affected:CISCO : Cisco Security Agent 5.1
 CISCO : Cisco Security Agent 5.2
 CISCO : Cisco Security Agent 6.0
CVE:CVE-2010-0148 (Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets.")
 CVE-2010-0147 (SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2010-0146 (Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.)
Original documentdocumentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent (22.02.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod