Computer Security

Cisco Security Manager unauthorized access
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Cisco Security Manager unauthorized access
Published:22.01.2009
Source:BUGTRAQ
SecurityVulns ID:9615
Type:remote
Level:7/10
Description:Unauthorized MySQL database access is possible if used with Cisco IPS Event Viewer.
Affected:CISCO : Cisco Security Manager 3.1
 CISCO : Cisco Security Manager 3.2
 CISCO : Cisco IPS Manager Express
CVE:CVE-2008-3820 (Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.)
Original documentdocumentCISCO, Cisco Security Advisory: Cisco Security Manager Vulnerability (22.01.2009)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server