Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3820

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-3820
Last Modified 07 Mar 2011 10:11:27
Published 22 Jan 2009 01:30:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3820

Summary

Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.

Vulnerable Systems

Application

  • Cisco Security Manager

  • Cisco Security Manager 3.1

  • Cisco Security Manager 3.1.1

  • Cisco Security Manager 3.2

  • Cisco Security Manager 3.2.1


References

CISCO - 20090121 Cisco Security Manager Vulnerability

XF - cisco-securitymanager-iev-weak-security(48134)

VUPEN - ADV-2009-0214

SECTRACK - 1021619

BID - 33381

SECUNIA - 33633


Last Updated: 27 May 2016 10:48:18