CVE-2010-3040 – Cisco ICM Setup Manager Agent.exe HandleUpgradeTrace Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-3040

Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. Múltiples desbordamientos de búfer basados en pila en Setup Manager en Cisco Intelligent Contact Manager (ICM) anterior v7.0 permite a atacantes remotos ejecutar código de su elección a través de un parámetro largo en un paquete (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, o (4) HandleUpgradeTrace TCP, también conocidos como Bug IDs CSCti45698, CSCti45715, CSCti45726, y CSCti46164. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco ICM. Authentication is not required to exploit this vulnerability. The flaw exists within the Agent.exe component which listens by default on TCP port 40078. When handling the HandleUpgradeTrace packet type the process blindly copies user supplied data into a fixed-length buffer on the stack. • http://secunia.com/advisories/42146 http://securitytracker.com/id?1024693 http://tools.cisco.com/security/center/viewAlert.x?alertId=21726 http://www.securityfocus.com/bid/44699 http://www.vupen.com/english/advisories/2010/2914 http://www.zerodayinitiative.com/advisories/ZDI-10-232 http://www.zerodayinitiative.com/advisories/ZDI-10-233 http://www.zerodayinitiative.com/advisories/ZDI-10-234 http://www.zerodayinitiative.com/advisories/ZDI-10-235 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •