Lucene search

[email protected]CVE-2004-1112

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-1112

2005-01-1005:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cisco security agent

csa

buffer overflow

remote attack

bypass

vulnerability

8 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

74.8%

JSON

The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.

CPENameOperatorVersion
cisco:security_agentcisco security agenteq4.0.3
cisco:security_agentcisco security agenteq4.0.2
cisco:security_agentcisco security agenteq3
cisco:security_agentcisco security agenteq4.0
okena:stormwatchokena stormwatcheq3.x
cisco:security_agentcisco security agenteq4.0.1

CPE	Name	Operator	Version
cisco:security_agent	cisco security agent	eq	4.0.3
cisco:security_agent	cisco security agent	eq	4.0.2
cisco:security_agent	cisco security agent	eq	3
cisco:security_agent	cisco security agent	eq	4.0
okena:stormwatch	okena stormwatch	eq	3.x
cisco:security_agent	cisco security agent	eq	4.0.1

References

www.ciac.org/ciac/bulletins/p-036.shtml

www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml

www.securityfocus.com/bid/11659

exchange.xforce.ibmcloud.com/vulnerabilities/18037

8 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

74.8%

JSON