CVE-2010-0143

Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65921.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml	Patch Vendor Advisory
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html	Vendor Advisory
http://secunia.com/advisories/38525

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.1:::::::*
	cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.2:::::::*
	cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7:::::::*
	cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.6:::::::*
	cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.5:::::::*
	cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.4:::::::*
	cpe:2.3:h:cisco:ironport_postx:6.2.1:::::::*
	cpe:2.3:h:cisco:ironport_postx:6.2.2:::::::*
	cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4.1:::::::*
	cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.6:::::::*
	cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.5:::::::*
	cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4:::::::*
	cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.3:::::::*
	cpe:2.3:h:cisco:ironport_encryption_appliance:6.5:::::::*
	cpe:2.3:h:cisco:ironport_postx:6.2.2.2:::::::*
	cpe:2.3:h:cisco:ironport_encryption_appliance:6.5.0.1:::::::*
	cpe:2.3:h:cisco:ironport_postx:6.2.2.1:::::::*

Information

Published : 2010-02-11 09:30

Updated : 2010-02-25 23:10

NVD link : CVE-2010-0143

Mitre link : CVE-2010-0143

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

cisco

ironport_encryption_appliance
ironport_postx

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml", "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance", "tags": ["Patch", "Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html", "name": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/38525", "name": "38525", "tags": [], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65921."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-0143", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-02-11T17:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_postx:6.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_postx:6.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_encryption_appliance:6.2.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_encryption_appliance:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_postx:6.2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_encryption_appliance:6.5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:ironport_postx:6.2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-02-26T07:10Z"}

7.8 /10