Sign-up

ID

VAR-201002-0066


CVE

CVE-2010-0143


TITLE

Cisco IronPort Encryption Appliance Vulnerability to read arbitrary files in management interfaces such as

Trust: 0.8

sources: JVNDB: JVNDB-2010-003778

DESCRIPTION

Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65921. Cisco IronPort Encryption Appliance is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information contained in arbitrary files. This issue is being tracked by IronPort bug 65921. The following products are affected. IronPort Encryption Appliance 6.5 (prior to 6.5.2) IronPort Encryption Appliance 6.2 (prior to 6.2.9.1) IronPort PostX MAP (prior to 6.2.9.1). A remote attacker reads arbitrary files through unknown vectors

Trust: 1.98

sources: NVD: CVE-2010-0143 // JVNDB: JVNDB-2010-003778 // BID: 38168 // VULHUB: VH-CVE-2010-0143

AFFECTED PRODUCTS

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.6

Trust: 1.9

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.5

Trust: 1.9

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.7

Trust: 1.9

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.7.5

Trust: 1.6

vendor:ciscomodel:ironport postxscope:eqversion:6.2.2.1

Trust: 1.6

vendor:ciscomodel:ironport postxscope:eqversion:6.2.2.2

Trust: 1.6

vendor:ciscomodel:ironport postxscope:eqversion:6.2.1

Trust: 1.6

vendor:ciscomodel:ironport postxscope:eqversion:6.2.2

Trust: 1.6

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.5.0.1

Trust: 1.6

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.7.6

Trust: 1.6

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.5

Trust: 1.3

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.4

Trust: 1.3

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.7.3

Trust: 1.0

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.4.1

Trust: 1.0

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.7.1

Trust: 1.0

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.7.4

Trust: 1.0

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.7.2

Trust: 1.0

vendor:ciscomodel:ironport encryption appliancescope:ltversion:6.2.9.1

Trust: 0.8

vendor:ciscomodel:ironport postx mapscope:eqversion:6.2.9

Trust: 0.3

vendor:ciscomodel:ironport postx mapscope:eqversion:6.2

Trust: 0.3

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.52

Trust: 0.3

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.9

Trust: 0.3

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.77

Trust: 0.3

vendor:ciscomodel:ironport encryption appliancescope:eqversion:6.2.41

Trust: 0.3

vendor:ciscomodel:ironport postx mapscope:neversion:6.2.9.1

Trust: 0.3

vendor:ciscomodel:ironport encryption appliancescope:neversion:6.5.2

Trust: 0.3

vendor:ciscomodel:ironport encryption appliancescope:neversion:6.2.9.1

Trust: 0.3

sources: NVD: CVE-2010-0143 // CNNVD: CNNVD-201002-108 // JVNDB: JVNDB-2010-003778 // BID: 38168

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2010-0143
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201002-108
value: HIGH

Trust: 0.6

VUL-HUB: VH-CVE-2010-0143
value: HIGH RISK

Trust: 0.1

NVD: CVE-2010-0143
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.8

VULHUB: VH-CVE-2010-0143
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: NVD: CVE-2010-0143 // CNNVD: CNNVD-201002-108 // JVNDB: JVNDB-2010-003778 // VULHUB: VH-CVE-2010-0143

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2010-0143

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201002-108

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201002-108

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2010-0143

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VH-CVE-2010-0143

PATCH
title:Multiple Vulnerabilities in Cisco IronPort Encryption Applianceurl:http://www.cisco.com/en/us/products/csa/cisco-sa-20100210-ironport.html
Trust: 0.8
title:Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in IronPort Encryption Applianceurl:http://www.cisco.com/c/en/us/support/docs/cmb/cisco-amb-20100210-ironport.html
Trust: 0.8
title:cisco-sa-20100210-ironporturl:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20100210-ironport
Trust: 0.8
title:19881url:http://tools.cisco.com/security/center/viewalert.x?alertid=19881
Trust: 0.8
title:cisco-sa-20100210-ironporturl:http://www.cisco.com/cisco/web/support/jp/113/1136/1136140_cisco-sa-20100210-ironport-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-003778

EXTERNAL IDS
db:NVDid:CVE-2010-0143
Trust: 2.8
db:SECUNIAid:38525
Trust: 1.0
db:JVNDBid:JVNDB-2010-003778
Trust: 0.8
db:CNNVDid:CNNVD-201002-108
Trust: 0.7
db:CISCOid:20100210 MULTIPLE VULNERABILITIES IN CISCO IRONPORT ENCRYPTION APPLIANCE
Trust: 0.6
db:BIDid:38168
Trust: 0.3
db:VULHUBid:VH-CVE-2010-0143
Trust: 0.1
sources:
            
            
            NVD: CVE-2010-0143 // 
            
            
            
            CNNVD: CNNVD-201002-108 // 
            
            
            
            JVNDB: JVNDB-2010-003778 // 
            
            
            
            BID: 38168 // 
            
            
            
            VULHUB: VH-CVE-2010-0143

REFERENCES
url:http://www.cisco.com/en/us/products/products_security_advisory09186a0080b17903.shtml
Trust: 1.6
url:http://www.cisco.com/en/us/products/products_applied_mitigation_bulletin09186a0080b17904.html
Trust: 1.6
url:http://secunia.com/advisories/38525
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0143
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0143
Trust: 0.8
url:http://www.ironport.com/products/ironport_encryption.html
Trust: 0.3
url:http://www.cisco.com/warp/public/707/cisco-sa-20100210-ironport.shtml
Trust: 0.3
sources:
            
            
            NVD: CVE-2010-0143 // 
            
            
            
            CNNVD: CNNVD-201002-108 // 
            
            
            
            JVNDB: JVNDB-2010-003778 // 
            
            
            
            BID: 38168

CREDITS
Jesse Michael and Alexander Senkevitch of Blue Cross Blue Shield of Illinois
Trust: 0.9
sources:
            
            
            CNNVD: CNNVD-201002-108 // 
            
            
            
            BID: 38168

SOURCES
db:NVDid:CVE-2010-0143
db:CNNVDid:CNNVD-201002-108
db:JVNDBid:JVNDB-2010-003778
db:BIDid:38168
db:VULHUBid:VH-CVE-2010-0143

LAST UPDATE DATE
2021-12-18T05:43:57.642000+00:00

SOURCES UPDATE DATE
db:NVDid:CVE-2010-0143date:2010-02-26T07:10:00
db:CNNVDid:CNNVD-201002-108date:2010-02-12T00:00:00
db:JVNDBid:JVNDB-2010-003778date:2012-06-26T00:00:00
db:BIDid:38168date:2010-02-10T00:00:00
db:VULHUBid:VH-CVE-2010-0143date:2010-02-26T00:00:00

SOURCES RELEASE DATE
db:NVDid:CVE-2010-0143date:2010-02-11T17:30:00
db:CNNVDid:CNNVD-201002-108date:2010-02-11T00:00:00
db:JVNDBid:JVNDB-2010-003778date:2012-06-26T00:00:00
db:BIDid:38168date:2010-02-10T00:00:00
db:VULHUBid:VH-CVE-2010-0143date:2010-02-11T00:00:00