Lucene search

[email protected]CVE-2011-0926

HistoryFeb 25, 2011 - 6:00 p.m.

CVE-2011-0926

2011-02-2518:00:00

CWE-20

[email protected]

web.nvd.nist.gov

cisco

secure desktop

activex control

csdwebinstaller.ocx

remote code execution

spoofing

installation process

vulnerability

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.876 High

EPSS

Percentile

98.6%

JSON

A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.

CPENameOperatorVersion
cisco:secure_desktopcisco secure desktopeq*

CPE	Name	Operator	Version
cisco:secure_desktop	cisco secure desktop	eq	*

References

securityreason.com/securityalert/8105

www.securityfocus.com/archive/1/516647/100/0/threaded

www.securityfocus.com/bid/46536

www.securitytracker.com/id?1025118

www.vupen.com/english/advisories/2011/0513

www.zerodayinitiative.com/advisories/ZDI-11-091/

exchange.xforce.ibmcloud.com/vulnerabilities/65755

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.876 High

EPSS

Percentile

98.6%

JSON

Related for CVE-2011-0926

prion3 cvelist2 securityvulns4 saint4 checkpoint_advisories1 cve2 zdi2 kaspersky1