CVE-2008-1157

EPSS 25.27%
Veröffentlicht 14.03.2008 20:44:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Ciscoworks Internetwork Performance Monitor Version2.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	25.27%	0.959

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/29376

Vendor Advisory

http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml

Patch

Vendor Advisory

http://www.securityfocus.com/bid/28249

Patch

http://www.securitytracker.com/id?1019611

http://www.vupen.com/english/advisories/2008/0876/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41208

https://nvd.nist.gov/vuln/detail/CVE-2008-1157

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1157

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1157

EUVD