Computer Security
[EN] no-pyccku

Cisco ICM Setup Manager multiple security vulnerabilities
SecurityVulns ID:11247
Threat Level:
Description:Multiple vulnerabilities in Agent.exe (TCP/40078)
CVE:CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164.)
Original documentdocumentZDI, ZDI-10-235: Cisco ICM Setup Manager Agent.exe HandleUpgradeTrace Remote Code Execution Vulnerability (09.11.2010)
 documentZDI, ZDI-10-234: Cisco ICM Setup Manager Agent.exe HandleQueryNodeInfoReq Remote Code Execution Vulnerability (09.11.2010)
 documentZDI, ZDI-10-233: Cisco ICM Setup Manager Agent.exe AgentUpgrade Remote Code Execution Vulnerability (09.11.2010)
 documentZDI, ZDI-10-232: Cisco ICM Setup Manager Agent.exe HandleUpgradeAll Remote Code Execution Vulnerability (09.11.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod