CVE-2009-2977

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files.

CVSS v2.0 3.3 LOW

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtb52450
http://www.securityfocus.com/archive/1/505995/100/0/threaded
http://www.securityfocus.com/archive/1/505998/100/0/threaded
http://www.securityfocus.com/bid/36098
http://www.vupen.com/english/advisories/2009/2364	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52913
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtb52450
http://www.securityfocus.com/archive/1/505995/100/0/threaded
http://www.securityfocus.com/archive/1/505998/100/0/threaded
http://www.securityfocus.com/bid/36098
http://www.vupen.com/english/advisories/2009/2364	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52913

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:cisco:cs-mars::::::::
	cpe:2.3:h:cisco:cs-mars:4.1:::::::*
	cpe:2.3:h:cisco:cs-mars:4.1.2:::::::*
	cpe:2.3:h:cisco:cs-mars:4.1.3:::::::*
	cpe:2.3:h:cisco:cs-mars:4.1.5:::::::*

History

21 Nov 2024, 01:06

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtb52450 -~~	() http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtb52450 -
References	~~() http://www.securityfocus.com/archive/1/505995/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/505995/100/0/threaded -
References	~~() http://www.securityfocus.com/archive/1/505998/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/505998/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/36098 -~~	() http://www.securityfocus.com/bid/36098 -
References	~~() http://www.vupen.com/english/advisories/2009/2364 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2009/2364 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/52913 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/52913 -

Information

Published : 2009-08-27 17:30

Updated : 2024-11-21 01:06

NVD link : CVE-2009-2977

Mitre link : CVE-2009-2977

CVE.ORG link : CVE-2009-2977

JSON object : View

Products Affected

cisco

cs-mars

CWE

CWE-310

Cryptographic Issues

3.3 /10