Lucene search

K

Kaspersky LabKLA10106

HistoryApr 15, 2010 - 12:00 a.m.

KLA10106 ACE vulnerability in Cisco Secure Desktop

2010-04-1500:00:00

Kaspersky Lab

threats.kaspersky.com

15

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.127 Low

EPSS

Percentile

95.4%

Detect date:

04/15/2010

Severity:

Critical

Description:

An improperly downloaded files verification vulnerability was found in Cisco Security Desktop. By exploiting this vulnerability malicious users can Execute Arbitrary Code. This vulnerability can be exploited from the network at a point related to Web Install via a specially designed web page.

Affected products:

Cisco Secure Desktop versions 3.5 and earlier

Solution:

Update to latest version

Original advisories:

Impacts:

ACE

Related products:

Cisco Secure Desktop

CVE-IDS:

CVE-2010-05899.3Critical

References

www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0589

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/Cisco-Secure-Desktop/

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.127 Low

EPSS

Percentile

95.4%

Related for KLA10106

securityvulns2 zdi1 cve3 prion3 cvelist2