CVE-2008-3820

2009-01-2218:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cisco

security manager

cve-2008-3820

tcp ports

mysql

iev

remote attack

6.8 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.4%

JSON

Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain “root access” to IEV via unspecified use of TCP sessions to these ports.

CPENameOperatorVersion
cisco:security_managercisco security managereq3.1.1
cisco:security_managercisco security managereq3.2
cisco:security_managercisco security managereq3.2.1
cisco:security_managercisco security managereq3.1
cisco:security_managercisco security managereq*

CPE	Name	Operator	Version
cisco:security_manager	cisco security manager	eq	3.1.1
cisco:security_manager	cisco security manager	eq	3.2
cisco:security_manager	cisco security manager	eq	3.2.1
cisco:security_manager	cisco security manager	eq	3.1
cisco:security_manager	cisco security manager	eq	*