CVE-2008-3820

{"id": "CVE-2008-3820", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2009-01-22T18:30:03.780", "references": [{"url": "http://secunia.com/advisories/33633", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6192a.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/33381", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1021619", "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2009/0214", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48134", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/33633", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6192a.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/33381", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1021619", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/0214", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48134", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain \"root access\" to IEV via unspecified use of TCP sessions to these ports."}, {"lang": "es", "value": "Cisco Security Manager v3.1 y v3.2 antes de v3.2.2, cuando se usa Cisco IPS Event Viewer (IEV), expone los puertos TCP utilizados por el demonio de MySQL y el servidor IEV, lo que permite a atacantes remotos obtener \"acceso de root\" a IEV, mediante el uso de sesiones TCP sin especificar a estos puertos."}], "lastModified": "2024-11-21T00:50:12.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:security_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AC03BFB-10FA-4276-930F-DB450E89DCD8"}, {"criteria": "cpe:2.3:a:cisco:security_manager:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "921F93B3-84A8-471B-9A3A-780C76BA3685"}, {"criteria": "cpe:2.3:a:cisco:security_manager:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADDFAFD3-DEC0-4C6E-BE75-921286A3B2FF"}, {"criteria": "cpe:2.3:a:cisco:security_manager:3.1.1:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2F46134-691C-4B96-87EE-6977E49905CD"}, {"criteria": "cpe:2.3:a:cisco:security_manager:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4686AD6B-CAB3-4CE5-9B13-D30613C614CB"}, {"criteria": "cpe:2.3:a:cisco:security_manager:3.2:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "684784EB-A61E-4FBE-AC5F-AE7E69BD60A5"}, {"criteria": "cpe:2.3:a:cisco:security_manager:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7061A26C-4BC0-4466-99FE-60620BA45629"}, {"criteria": "cpe:2.3:a:cisco:security_manager:3.2.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3EAAD49-6786-4E0A-B9E1-C3D0BD061132"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}