Cisco Security Agent for Microsoft Windows Crafted SMB Packet Remote Overflow

critical Nessus Plugin ID 32131

Synopsis

The remote Windows host has an application that is affected by a buffer overflow vulnerability.

Description

The version of Cisco Security Agent installed on the remote host is affected by a buffer overflow vulnerability. By sending a specially- crafted SMB request to the agent, an unauthenticated attacker may be able to execute arbitrary code with SYSTEM level privileges.

Solution

- Cisco Security Agent version 4.5.1, upgrade to 4.5.1.672
- Cisco Security Agent version 5.0, upgrade to 5.0.0.225
- Cisco Security Agent version 5.1, upgrade to 5.1.0.106
- Cisco Security Agent version 5.2, upgrade to 5.2.0.238

See Also

https://www.securityfocus.com/archive/1/484669

http://www.nessus.org/u?b5815fea

Plugin Details

Severity: Critical

ID: 32131

File Name: cisco_csa_buffer_overflow.nasl

Version: 1.18

Type: local

Agent: windows

Family: Windows

Published: 5/2/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:cisco:security_agent

Required KB Items: SMB/Cisco Security Agent/Path, SMB/Cisco Security Agent/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 12/5/2007

Vulnerability Publication Date: 12/5/2007

Reference Information

CVE: CVE-2007-5580

BID: 26723

CWE: 119