Sign-up

ID

VAR-201008-0111


CVE

CVE-2010-3135


TITLE

Cisco Packet Tracer Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-004273

DESCRIPTION

Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .pkt or .pkz file. Packet Tracer is a simulation software developed by Cisco for Cisco Network Technology Academy, which can be used to simulate CCNA experiments. An untrusted search path vulnerability exists in Cisco Packet Tracer version 5.2. ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Cisco Packet Tracer Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41125 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41125/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41125 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41125/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41125/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41125 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Packet Tracer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PKT file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in versions 5.1 and 5.2. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: CCNA ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14774 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.8

sources: NVD: CVE-2010-3135 // JVNDB: JVNDB-2010-004273 // VULHUB: VHN-45740 // PACKETSTORM: 93167

AFFECTED PRODUCTS

vendor:ciscomodel:packet tracerscope:eqversion:5.2

Trust: 2.4

sources: JVNDB: JVNDB-2010-004273 // CNNVD: CNNVD-201008-316 // NVD: CVE-2010-3135

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-3135
value: HIGH

Trust: 1.0

NVD: CVE-2010-3135
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201008-316
value: CRITICAL

Trust: 0.6

VULHUB: VHN-45740
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-3135
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-45740
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-45740 // JVNDB: JVNDB-2010-004273 // CNNVD: CNNVD-201008-316 // NVD: CVE-2010-3135

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2010-004273 // NVD: CVE-2010-3135

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201008-316

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201008-316

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-004273

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-45740

PATCH
title:Top Pageurl:http://www.cisco.com/web/learning/netacad/course_catalog/PacketTracer.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-004273

EXTERNAL IDS
db:NVDid:CVE-2010-3135
Trust: 2.5
db:EXPLOIT-DBid:14774
Trust: 1.8
db:JVNDBid:JVNDB-2010-004273
Trust: 0.8
db:CNNVDid:CNNVD-201008-316
Trust: 0.7
db:SECUNIAid:41125
Trust: 0.2
db:SEEBUGid:SSVID-69693
Trust: 0.1
db:VULHUBid:VHN-45740
Trust: 0.1
db:PACKETSTORMid:93167
Trust: 0.1
sources:
            
            
            VULHUB: VHN-45740 // 
            
            
            
            JVNDB: JVNDB-2010-004273 // 
            
            
            
            PACKETSTORM: 93167 // 
            
            
            
            CNNVD: CNNVD-201008-316 // 
            
            
            
            NVD: CVE-2010-3135

REFERENCES
url:http://www.exploit-db.com/exploits/14774
Trust: 1.8
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/64483
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3135
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3135
Trust: 0.8
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=41125
Trust: 0.1
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/41125/
Trust: 0.1
url:http://secunia.com/_%22insecure%20library%20loading%22
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/advisories/41125/#comments
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-45740 // 
            
            
            
            JVNDB: JVNDB-2010-004273 // 
            
            
            
            PACKETSTORM: 93167 // 
            
            
            
            CNNVD: CNNVD-201008-316 // 
            
            
            
            NVD: CVE-2010-3135

CREDITS
Secunia
Trust: 0.1
sources:
            
            
            PACKETSTORM: 93167

SOURCES
db:VULHUBid:VHN-45740
db:JVNDBid:JVNDB-2010-004273
db:PACKETSTORMid:93167
db:CNNVDid:CNNVD-201008-316
db:NVDid:CVE-2010-3135

LAST UPDATE DATE
2025-04-11T22:56:37.553000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-45740date:2017-08-17T00:00:00
db:JVNDBid:JVNDB-2010-004273date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201008-316date:2010-09-03T00:00:00
db:NVDid:CVE-2010-3135date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-45740date:2010-08-26T00:00:00
db:JVNDBid:JVNDB-2010-004273date:2012-06-26T00:00:00
db:PACKETSTORMid:93167date:2010-08-26T15:29:50
db:CNNVDid:CNNVD-201008-316date:2010-08-30T00:00:00
db:NVDid:CVE-2010-3135date:2010-08-26T18:36:36.077