PRIOn knowledge basePRION:CVE-2008-0532

HistoryMar 14, 2008 - 8:44 p.m.

Buffer overflow

2008-03-1420:44:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.927 High

EPSS

Percentile

98.9%

JSON

Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.

CPENameOperatorVersion
user_changeable_passwordeq4.1

CPE	Name	Operator	Version
	user_changeable_password	eq	4.1

References

secunia.com/advisories/29351

securityreason.com/securityalert/3743

securitytracker.com/id?1019608

www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml

www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt

www.securityfocus.com/archive/1/489463/100/0/threaded

www.securityfocus.com/bid/28222

www.vupen.com/english/advisories/2008/0868

exchange.xforce.ibmcloud.com/vulnerabilities/41154

8.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.927 High

EPSS

Percentile

98.9%

JSON

Related for PRION:CVE-2008-0532