Sign-up

ID

VAR-201102-0114


CVE

CVE-2011-0926


TITLE

Cisco Secure Desktop Vulnerabilities in downloading unintended programs

Trust: 0.8

sources: JVNDB: JVNDB-2011-003093

DESCRIPTION

A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within CSDWebInstaller.ocx ActiveX control. Cisco Secure Desktop is a risk that can reduce the risk of cookies, browser history, temporary files, and downloads left on the system after remote user logout or SSL VPN session timeouts are encrypted. The CSDWebInstaller.ocx ActiveX control has a flaw. Attackers may exploit this issue to put malicious files in arbitrary locations on a victim's computer. remaining risks. -- Vendor Response: February 23, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. -- Mitigations: Cisco states that they will have a patch for this issue on March 31st, 2011. In the meantime, we suggest users implement the mitigations below. The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibilty Flags DWORD within the following location in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\705EC6D4-B138-4079-A307-EF13E4889A82 If the Compatibility Flags value is set to 0x00000400 the control can no longer be instantiated inside the browser. For more information, please see: http://support.microsoft.com/kb/240797 -- Disclosure Timeline: 2010-09-14 - Vulnerability reported to vendor 2011-02-23 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by:full * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Trust: 3.24

sources: NVD: CVE-2011-0926 // JVNDB: JVNDB-2011-003093 // ZDI: ZDI-11-091 // CNVD: CNVD-2011-0759 // BID: 46536 // VULHUB: VHN-48871 // PACKETSTORM: 98692

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-0759

AFFECTED PRODUCTS

vendor:ciscomodel:secure desktopscope: - version: -

Trust: 2.1

vendor:ciscomodel:secure desktopscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:secure desktopscope:eqversion:3.1

Trust: 0.9

vendor:ciscomodel:secure desktopscope:eqversion:3.1.1.33

Trust: 0.9

vendor:ciscomodel:secure desktopscope:eqversion:3.1.1.45

Trust: 0.9

vendor:ciscomodel:secure desktopscope:eqversion:3.2

Trust: 0.9

vendor:ciscomodel:secure desktopscope:eqversion:3.1.1

Trust: 0.9

vendor:ciscomodel:secure desktopscope:eqversion:3.4.2048

Trust: 0.9

vendor:ciscomodel:secure desktopscope:eqversion:3.5.841

Trust: 0.9

vendor:ciscomodel:secure desktopscope:eqversion:3.5.1077

Trust: 0.9

sources: ZDI: ZDI-11-091 // CNVD: CNVD-2011-0759 // BID: 46536 // JVNDB: JVNDB-2011-003093 // CNNVD: CNNVD-201102-366 // NVD: CVE-2011-0926

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-0926
value: HIGH

Trust: 1.0

NVD: CVE-2011-0926
value: HIGH

Trust: 0.8

ZDI: CVE-2011-0926
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201102-366
value: CRITICAL

Trust: 0.6

VULHUB: VHN-48871
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-0926
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2011-0926
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-48871
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-11-091 // VULHUB: VHN-48871 // JVNDB: JVNDB-2011-003093 // CNNVD: CNNVD-201102-366 // NVD: CVE-2011-0926

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-48871 // JVNDB: JVNDB-2011-003093 // NVD: CVE-2011-0926

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 98692 // CNNVD: CNNVD-201102-366

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201102-366

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-003093

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-48871

PATCH
title:Top Pageurl:http://www.cisco.com/
Trust: 0.8
title:February 28, 2011 Vendor provided: 23, 2011 - This vulnerability is being disclosed publiclywithout a patch in accordance with the ZDI 180 day deadline.-- Mitigations:Cisco states that they will have a patch for this issue on March 31st, 2011. In the meantime, we suggest users implement the mitigations below.The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibilty Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveXCompatibility\705EC6D4-B138-4079-A307-EF13E4889A82If the Compatibility Flags value is set to 0x00000400 the control can no longer be instantiated inside the browser. For more information, please see: http://support.microsoft.com/kb/240797url:http://tools.cisco.com/security/center/viewAlert.x?alertId=22529---February
Trust: 0.7
sources:
            
            
            ZDI: ZDI-11-091 // 
            
            
            
            JVNDB: JVNDB-2011-003093

EXTERNAL IDS
db:NVDid:CVE-2011-0926
Trust: 4.2
db:ZDIid:ZDI-11-091
Trust: 3.4
db:BIDid:46536
Trust: 1.4
db:SREASONid:8105
Trust: 1.1
db:SECTRACKid:1025118
Trust: 1.1
db:VUPENid:ADV-2011-0513
Trust: 1.1
db:JVNDBid:JVNDB-2011-003093
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-861
Trust: 0.7
db:CNNVDid:CNNVD-201102-366
Trust: 0.7
db:CNVDid:CNVD-2011-0759
Trust: 0.6
db:NSFOCUSid:16504
Trust: 0.6
db:BUGTRAQid:20110223 ZDI-11-091: (0DAY) CISCO SECURE DESKTOP CSDWEBINSTALLER REMOTE CODE EXECUTION VULNERABILITY
Trust: 0.6
db:PACKETSTORMid:98692
Trust: 0.2
db:VULHUBid:VHN-48871
Trust: 0.1
sources:
            
            
            ZDI: ZDI-11-091 // 
            
            
            
            CNVD: CNVD-2011-0759 // 
            
            
            
            VULHUB: VHN-48871 // 
            
            
            
            BID: 46536 // 
            
            
            
            JVNDB: JVNDB-2011-003093 // 
            
            
            
            PACKETSTORM: 98692 // 
            
            
            
            CNNVD: CNNVD-201102-366 // 
            
            
            
            NVD: CVE-2011-0926

REFERENCES
url:http://www.zerodayinitiative.com/advisories/zdi-11-091/
Trust: 2.6
url:http://www.securityfocus.com/bid/46536
Trust: 1.1
url:http://www.securityfocus.com/archive/1/516647/100/0/threaded
Trust: 1.1
url:http://www.securitytracker.com/id?1025118
Trust: 1.1
url:http://securityreason.com/securityalert/8105
Trust: 1.1
url:http://www.vupen.com/english/advisories/2011/0513
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/65755
Trust: 1.1
url:http://support.microsoft.com/kb/240797
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0926
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0926
Trust: 0.8
url:http://tools.cisco.com/security/center/viewalert.x?alertid=22529---february
Trust: 0.7
url:http://www.securityfocus.com/archive/1/archive/1/516647/100/0/threaded
Trust: 0.6
url:http://www.nsfocus.net/vulndb/16504
Trust: 0.6
url:http://tools.cisco.com/security/center/viewalert.x?alertid=22529
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps6742/tsd_products_support_series_home.html
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/disclosure_policy/
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-11-091
Trust: 0.1
url:http://secunia.com/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-0926
Trust: 0.1
url:http://twitter.com/thezdi
Trust: 0.1
url:http://www.tippingpoint.com
Trust: 0.1
url:http://www.zerodayinitiative.com
Trust: 0.1
url:http://lists.grok.org.uk/full-disclosure-charter.html
Trust: 0.1
sources:
            
            
            ZDI: ZDI-11-091 // 
            
            
            
            CNVD: CNVD-2011-0759 // 
            
            
            
            VULHUB: VHN-48871 // 
            
            
            
            BID: 46536 // 
            
            
            
            JVNDB: JVNDB-2011-003093 // 
            
            
            
            PACKETSTORM: 98692 // 
            
            
            
            CNNVD: CNNVD-201102-366 // 
            
            
            
            NVD: CVE-2011-0926

CREDITS
Anonymous
Trust: 0.7
sources:
            
            
            ZDI: ZDI-11-091

SOURCES
db:ZDIid:ZDI-11-091
db:CNVDid:CNVD-2011-0759
db:VULHUBid:VHN-48871
db:BIDid:46536
db:JVNDBid:JVNDB-2011-003093
db:PACKETSTORMid:98692
db:CNNVDid:CNNVD-201102-366
db:NVDid:CVE-2011-0926

LAST UPDATE DATE
2025-04-11T22:56:28.534000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-11-091date:2011-02-28T00:00:00
db:CNVDid:CNVD-2011-0759date:2011-02-24T00:00:00
db:VULHUBid:VHN-48871date:2018-10-09T00:00:00
db:BIDid:46536date:2011-03-07T17:48:00
db:JVNDBid:JVNDB-2011-003093date:2011-11-29T00:00:00
db:CNNVDid:CNNVD-201102-366date:2011-02-28T00:00:00
db:NVDid:CVE-2011-0926date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:ZDIid:ZDI-11-091date:2011-02-28T00:00:00
db:CNVDid:CNVD-2011-0759date:2011-02-24T00:00:00
db:VULHUBid:VHN-48871date:2011-02-25T00:00:00
db:BIDid:46536date:2011-02-23T00:00:00
db:JVNDBid:JVNDB-2011-003093date:2011-11-29T00:00:00
db:PACKETSTORMid:98692date:2011-02-24T01:23:15
db:CNNVDid:CNNVD-201102-366date:2011-02-28T00:00:00
db:NVDid:CVE-2011-0926date:2011-02-25T18:00:01.277