CVE-2010-1572

Unspecified vulnerability in the tech support diagnostic shell in Cisco Application Extension Platform (AXP) 1.1 and 1.1.5 allows local users to obtain sensitive configuration information and gain administrator privileges via unspecified API calls.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3290b.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/40682
https://exchange.xforce.ibmcloud.com/vulnerabilities/59271
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3290b.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/40682
https://exchange.xforce.ibmcloud.com/vulnerabilities/59271

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:application_extension_framework:1.1:::::::*
	cpe:2.3:a:cisco:application_extension_framework:1.1.5:::::::*

History

21 Nov 2024, 01:14

Type	Values Removed	Values Added
References	~~() http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3290b.shtml - Patch, Vendor Advisory~~	() http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3290b.shtml - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/40682 -~~	() http://www.securityfocus.com/bid/40682 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/59271 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/59271 -

Information

Published : 2010-06-10 00:30

Updated : 2024-11-21 01:14

NVD link : CVE-2010-1572

Mitre link : CVE-2010-1572

CVE.ORG link : CVE-2010-1572

JSON object : View

Products Affected

cisco

application_extension_framework

CWE

NVD-CWE-noinfo

{"id": "CVE-2010-1572", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-06-10T00:30:07.473", "references": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3290b.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/40682", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59271", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3290b.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/40682", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59271", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the tech support diagnostic shell in Cisco Application Extension Platform (AXP) 1.1 and 1.1.5 allows local users to obtain sensitive configuration information and gain administrator privileges via unspecified API calls."}, {"lang": "es", "value": "Vulnerabilidad no especificada en la shell de soporte de diagn\u00f3stico t\u00e9cnico en Cisco Application Extension Platform (AXP) v1.1 y v1.1.5 permite a usuarios locales obtener informaci\u00f3n sensible y obtener privilegios de administrador a trav\u00e9s de llamadas a la API no especificada. \r\n"}], "lastModified": "2024-11-21T01:14:42.910", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:application_extension_framework:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "794D6B98-85BE-4AB3-A386-821A00BD1B5D"}, {"criteria": "cpe:2.3:a:cisco:application_extension_framework:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A29628A1-1564-4865-A2B9-1AD51D78EBAE"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}