2 results (0.007 seconds)

CVSS: 10.0EPSS: 29%CPEs: 4EXPL: 0

Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350. Desbordamiento de búfer en Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 y versiones anteriores en Windows, tal y como se distrubuye en CiscoWorks LAN Management Solution (LMS), permite a atacantes remotos ejecutar código de su elección mediante una petición getProcessName CORBA General Inter-ORB Protocol (GIOP) malformada, relacionado con un "componente de terceros", también conocido como Bug ID CSCsv62350. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CiscoWorks Internetwork Performance Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of CORBA GIOP requests. By making a specially crafted getProcessName GIOP request an attacker can corrupt memory. • http://secunia.com/advisories/38230 http://securitytracker.com/id?1023484 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtml http://www.securityfocus.com/bid/37879 http://www.vupen.com/english/advisories/2010/0184 http://www.zerodayinitiative.com/advisories/ZDI-10-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/55768 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0

Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands. Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 crea un proceso que ejecuta una consola de comandos y escucha en un puerto TCP elegido de forma aleatoria, que permite a atacantes remotos ejecutar comandos de su elección. • http://secunia.com/advisories/29376 http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml http://www.securityfocus.com/bid/28249 http://www.securitytracker.com/id?1019611 http://www.vupen.com/english/advisories/2008/0876/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41208 • CWE-20: Improper Input Validation •