CVE-2011-2042

The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:ciscoworks_common_services:3.0:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:3.0.3:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:3.0.4:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:3.0.5:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:3.0.6:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:3.1:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:3.1.1:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:3.2:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:3.3:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_services:4.0.1:::::::*

History

No history.

Information

Published : 2011-10-22 02:59

Updated : 2024-02-04 17:54

NVD link : CVE-2011-2042

Mitre link : CVE-2011-2042

CVE.ORG link : CVE-2011-2042

JSON object : View

Products Affected

cisco

ciscoworks_common_services

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2011-2042", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-10-22T02:59:19.103", "references": [{"url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018."}, {"lang": "es", "value": "El componente de base de datos Sybase SQL Anywhere de Cisco CiscoWorks Common Services v3.x y v4.x anterior a v4.1 permite a atacantes remotos obtener informaci\u00f3n potencialmente sensible acerca del nombre del motor y el puerto de la base de datos a trav\u00e9s de una petici\u00f3n no especificada para el puerto UDP 2638, tambi\u00e9n conocido como Bug ID CSCsk35018."}], "lastModified": "2012-05-14T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A94D689-5C27-4F34-806F-CD107ADF9893"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C905C4D-58D5-46E3-944F-53DCB147B34C"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B91D77A-A96A-4A64-AFFE-7ECE001D2038"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88AD3EC2-36B1-4E34-BD7F-B1D02B32178A"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CC9C408-0BE2-45A6-ACB3-B9EBB22BC773"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "499CD64C-8692-4BE7-8F5E-5964ACDA1972"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2152A29-7074-4659-AA8A-BB3E793ED4A6"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "518309CD-F453-4B0B-8C1D-E534CE0E336B"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22DE1462-59AC-40BE-89DF-AB43CA3EC7BE"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A06E304-2CEA-403E-A520-5E5B54489CFC"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}