Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Security Manager unauthorized access
Published:22.01.2009
Source:
SecurityVulns ID:9615
Type:remote
Threat Level:
7/10
Description:Unauthorized MySQL database access is possible if used with Cisco IPS Event Viewer.
Affected:CISCO : Cisco Security Manager 3.1
 CISCO : Cisco Security Manager 3.2
 CISCO : Cisco IPS Manager Express
CVE:CVE-2008-3820 (Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.)
Original documentdocumentCISCO, Cisco Security Advisory: Cisco Security Manager Vulnerability (22.01.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod