CVE-2004-1112

critical

Description

The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five-minute timeout period.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/18037

http://www.securityfocus.com/bid/11659

http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml

http://www.ciac.org/ciac/bulletins/p-036.shtml

Details

Source: Mitre, NVD

Published: 2005-01-10

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00876