Details of VAR-201002-0068

ID

VAR-201002-0068

CVE

CVE-2010-0145

TITLE

Cisco IronPort Encryption Appliance Etc. HTTPS Vulnerability in arbitrary code execution on server

Trust: 0.8

sources: JVNDB: JVNDB-2010-003780

DESCRIPTION

Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923. Cisco IronPort Encryption Appliance is prone to a remote code-execution vulnerability. This vulnerability is documented by IronPort bug 65923. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition

Trust: 1.98

sources: NVD: CVE-2010-0145 // JVNDB: JVNDB-2010-003780 // BID: 38169 // VULHUB: VH-CVE-2010-0145

AFFECTED PRODUCTS

vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.5	Trust: 1.9
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7	Trust: 1.9
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.6	Trust: 1.9
vendor:	cisco	model:	ironport postx	scope:	eq	version:	6.2.2.2	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.5	Trust: 1.6
vendor:	cisco	model:	ironport postx	scope:	eq	version:	6.2.1	Trust: 1.6
vendor:	cisco	model:	ironport postx	scope:	eq	version:	6.2.2	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.5.0.1	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.6	Trust: 1.6
vendor:	cisco	model:	ironport postx	scope:	eq	version:	6.2.2.1	Trust: 1.6
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.5	Trust: 1.3
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.4	Trust: 1.3
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.3	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.4.1	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.1	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.4	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.7.2	Trust: 1.0
vendor:	cisco	model:	ironport encryption appliance	scope:	lt	version:	6.2.9.1	Trust: 0.8
vendor:	cisco	model:	ironport postx map	scope:	eq	version:	6.2.9	Trust: 0.3
vendor:	cisco	model:	ironport postx map	scope:	eq	version:	6.2	Trust: 0.3
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.52	Trust: 0.3
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.34	Trust: 0.3
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.9	Trust: 0.3
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.77	Trust: 0.3
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.2.41	Trust: 0.3
vendor:	cisco	model:	ironport encryption appliance	scope:	eq	version:	6.3	Trust: 0.3
vendor:	cisco	model:	ironport postx map	scope:	ne	version:	6.2.9.1	Trust: 0.3
vendor:	cisco	model:	ironport encryption appliance	scope:	ne	version:	6.5.2	Trust: 0.3
vendor:	cisco	model:	ironport encryption appliance	scope:	ne	version:	6.2.9.1	Trust: 0.3

sources: NVD: CVE-2010-0145 // CNNVD: CNNVD-201002-110 // JVNDB: JVNDB-2010-003780 // BID: 38169

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2010-0145
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-201002-110
value:	CRITICAL
Trust: 0.6
VUL-HUB:	VH-CVE-2010-0145
value:	HIGH RISK
Trust: 0.1

NVD:	CVE-2010-0145
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.8
VULHUB:	VH-CVE-2010-0145
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: NVD: CVE-2010-0145 // CNNVD: CNNVD-201002-110 // JVNDB: JVNDB-2010-003780 // VULHUB: VH-CVE-2010-0145

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2010-0145

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201002-110

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201002-110

CONFIGURATIONS

sources: NVD: CVE-2010-0145

PATCH

title:	Multiple Vulnerabilities in Cisco IronPort Encryption Appliance	url:	http://www.cisco.com/en/us/products/csa/cisco-sa-20100210-ironport.html	Trust: 0.8
title:	Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in IronPort Encryption Appliance	url:	http://www.cisco.com/c/en/us/support/docs/cmb/cisco-amb-20100210-ironport.html	Trust: 0.8
title:	cisco-sa-20100210-ironport	url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20100210-ironport	Trust: 0.8
title:	19879	url:	http://tools.cisco.com/security/center/viewalert.x?alertid=19879	Trust: 0.8
title:	cisco-sa-20100210-ironport	url:	http://www.cisco.com/cisco/web/support/jp/113/1136/1136140_cisco-sa-20100210-ironport-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2010-003780

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0145	Trust: 2.8
db:	SECUNIA	id:	38525	Trust: 1.0
db:	JVNDB	id:	JVNDB-2010-003780	Trust: 0.8
db:	CNNVD	id:	CNNVD-201002-110	Trust: 0.7
db:	CISCO	id:	20100210 MULTIPLE VULNERABILITIES IN CISCO IRONPORT ENCRYPTION APPLIANCE	Trust: 0.6
db:	BID	id:	38169	Trust: 0.3
db:	VULHUB	id:	VH-CVE-2010-0145	Trust: 0.1

sources: NVD: CVE-2010-0145 // CNNVD: CNNVD-201002-110 // JVNDB: JVNDB-2010-003780 // BID: 38169 // VULHUB: VH-CVE-2010-0145

REFERENCES

url:	http://www.cisco.com/en/us/products/products_applied_mitigation_bulletin09186a0080b17904.html	Trust: 1.6
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a0080b17903.shtml	Trust: 1.6
url:	http://secunia.com/advisories/38525	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0145	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0145	Trust: 0.8
url:	http://www.ironport.com/products/ironport_encryption.html	Trust: 0.3
url:	http://www.cisco.com/warp/public/707/cisco-sa-20100210-ironport.shtml	Trust: 0.3

sources: NVD: CVE-2010-0145 // CNNVD: CNNVD-201002-110 // JVNDB: JVNDB-2010-003780 // BID: 38169

CREDITS

Jesse Michael and Alexander Senkevitch of Blue Cross Blue Shield of Illinois

Trust: 0.6

sources: CNNVD: CNNVD-201002-110

SOURCES

db:	NVD	id:	CVE-2010-0145
db:	CNNVD	id:	CNNVD-201002-110
db:	JVNDB	id:	JVNDB-2010-003780
db:	BID	id:	38169
db:	VULHUB	id:	VH-CVE-2010-0145

LAST UPDATE DATE

2021-12-18T05:43:58.950000+00:00

SOURCES UPDATE DATE

db:	NVD	id:	CVE-2010-0145	date:	2010-02-26T07:10:00
db:	CNNVD	id:	CNNVD-201002-110	date:	2010-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2010-003780	date:	2012-06-26T00:00:00
db:	BID	id:	38169	date:	2010-02-10T00:00:00
db:	VULHUB	id:	VH-CVE-2010-0145	date:	2010-02-26T00:00:00

SOURCES RELEASE DATE

db:	NVD	id:	CVE-2010-0145	date:	2010-02-11T17:30:00
db:	CNNVD	id:	CNNVD-201002-110	date:	2010-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2010-003780	date:	2012-06-26T00:00:00
db:	BID	id:	38169	date:	2010-02-10T00:00:00
db:	VULHUB	id:	VH-CVE-2010-0145	date:	2010-02-11T00:00:00