CVE-2010-0138

critical

Description

Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/55768

http://www.zerodayinitiative.com/advisories/ZDI-10-004/

http://www.vupen.com/english/advisories/2010/0184

http://www.securityfocus.com/bid/37879

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtml

http://securitytracker.com/id?1023484

http://secunia.com/advisories/38230

Details

Source: Mitre, NVD

Published: 2010-01-21

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical