ID

VAR-200712-0410


CVE

CVE-2007-5580


TITLE

Arbitrary code execution vulnerability in a certain driver of Cisco Security Agent on Windows

Trust: 0.8

sources: JVNDB: JVNDB-2007-002807

DESCRIPTION

Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445.

Cisco Security Agent for Microsoft Windows is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data. Remote attackers can exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions. This issue affects all standalone and managed versions of Cisco Security Agent for Windows.

A remote attacker might cause a system with CSA installed to restart or BSOD. By sending carefully crafted data, an attacker might cause remote code execution, thus gaining complete control over the system. By default, CSA allows access to TCP ports 139 and 445. After establishing a session to TCP ports 139 and 445, an attacker can complete an exploitation without any authentication simply by sending a single packet. Other Cisco software that uses the CSA component is also affected.

Workaround
=============

* Restrict access to TCP ports 139 and 445.

Vendor Status
==============

2007.09.27 Informed the vendor
2007.10.23 Vendor confirmed the vulnerability
2007.12.05 Vendor released a security advisory (cisco-sa-20071205-csa) and related patches.

For more details about the Cisco security advisory, please refer to:
http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml

Additional Information
========================

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-5580 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. Candidates may change significantly before they become official CVE entries.

Acknowledgment
===============

NSFOCUS Security Team

The vulnerability is caused by a boundary error in an unspecified system driver used by the application and can be exploited to cause a buffer overflow via a specially crafted packet sent to port 139/TCP or 445/TCP. Successful exploitation may allow execution of arbitrary code. Please see the vendor's advisory for a list of Cisco products that include the agent.

SOLUTION: Apply updates. http://www.cisco.com/pcgi-bin/tablebuild.pl/csm-app?psrtdcat20e2

PROVIDED AND/OR DISCOVERED BY: The vendor credits NSFocus Security Team.

ORIGINAL ADVISORY: Cisco (cisco-sa-20071205-csa): http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml

Trust: 2.16

sources: NVD: CVE-2007-5580 // JVNDB: JVNDB-2007-002807 // BID: 26723 // VULHUB: VHN-28942 // PACKETSTORM: 61561 // PACKETSTORM: 61542

AFFECTED PRODUCTS

vendor: cisco, model: security agent, scope: eq, version: 4.0.1

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 5.0

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 5.1.79

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 5.2

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 5.0.193

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 5.0.0.201

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 4.0.3.728

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 4.5.1.639

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 4.0

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 5.1

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 2.1

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 4.5.1.659

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 4.5.1

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 4.0.3

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 4.5.1.657

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 4.5

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 4.0.2

Trust: 1.3

vendor: cisco, model: security agent, scope: eq, version: 3

Trust: 1.0

vendor: cisco, model: security agent, scope: eq, version: 5.0.0.225

Trust: 0.8

vendor: cisco, model: security agent, scope: eq, version: 4.5.1.672

Trust: 0.8

vendor: cisco, model: security agent, scope: lt, version: 4.5.1

Trust: 0.8

vendor: cisco, model: security agent, scope: lt, version: 5.1

Trust: 0.8

vendor: cisco, model: security agent, scope: eq, version: 5.1.0.106

Trust: 0.8

vendor: cisco, model: security agent, scope: lt, version: 5.2

Trust: 0.8

vendor: cisco, model: security agent, scope: lt, version: 5.0

Trust: 0.8

vendor: cisco, model: security agent, scope: eq, version: 5.2.0.238

Trust: 0.8

vendor: cisco, model: security agent, scope: eq, version: 3.x

Trust: 0.3

sources: BID: 26723 // JVNDB: JVNDB-2007-002807 // NVD: CVE-2007-5580

CVSS

SEVERITY

nvd@nist.gov: CVE-2007-5580
value: HIGH

Trust: 1.0

NVD: CVE-2007-5580
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200712-412
value: MEDIUM

Trust: 0.6

VULHUB: VHN-28942
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2007-5580
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-28942
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-28942 // JVNDB: JVNDB-2007-002807 // CNNVD: CNNVD-200712-412 // NVD: CVE-2007-5580

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-28942 // JVNDB: JVNDB-2007-002807 // NVD: CVE-2007-5580

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 61561 // CNNVD: CNNVD-200712-412

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200712-412

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002807

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-28942

PATCH

title: cisco-sa-20071205-csa, url: http://www.cisco.com/en/US/products/csa/cisco-sa-20071205-csa.html

Trust: 0.8

title: Cisco Security Agent Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175104

Trust: 0.6

sources: JVNDB: JVNDB-2007-002807 // CNNVD: CNNVD-200712-412

EXTERNAL IDS

db: NVD, id: CVE-2007-5580

Trust: 2.9

db: BID, id: 26723

Trust: 2.0

db: SECUNIA, id: 27947

Trust: 1.8

db: SREASON, id: 3425

Trust: 1.7

db: VUPEN, id: ADV-2007-4103

Trust: 1.7

db: OSVDB, id: 39521

Trust: 1.7

db: SECTRACK, id: 1019046

Trust: 1.7

db: JVNDB, id: JVNDB-2007-002807

Trust: 0.8

db: CISCO, id: 20071205 CISCO SECURITY AGENT FOR WINDOWS SYSTEM DRIVER REMOTE BUFFER OVERFLOW VULNERABILITY

Trust: 0.6

db: BUGTRAQ, id: 20071206 NSFOCUS SA2007-02 : CISCO SECURITY AGENT REMOTE BUFFER OVERFLOW VULNERABILITY

Trust: 0.6

db: CNNVD, id: CNNVD-200712-412

Trust: 0.6

db: PACKETSTORM, id: 61561

Trust: 0.2

db: VULHUB, id: VHN-28942

Trust: 0.1

db: PACKETSTORM, id: 61542

Trust: 0.1

sources: VULHUB: VHN-28942 // BID: 26723 // JVNDB: JVNDB-2007-002807 // PACKETSTORM: 61561 // PACKETSTORM: 61542 // CNNVD: CNNVD-200712-412 // NVD: CVE-2007-5580

REFERENCES

url:http://www.nsfocus.com/english/homepage/research/0702.htm

Trust: 1.8

url:http://www.securityfocus.com/bid/26723

Trust: 1.7

url:http://www.cisco.com/en/us/products/products_security_advisory09186a008090a434.shtml

Trust: 1.7

url:http://osvdb.org/39521

Trust: 1.7

url:http://www.securitytracker.com/id?1019046

Trust: 1.7

url:http://secunia.com/advisories/27947

Trust: 1.7

url:http://securityreason.com/securityalert/3425

Trust: 1.7

url:http://www.vupen.com/english/advisories/2007/4103

Trust: 1.7

url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscsl00618

Trust: 1.6

url:http://www.securityfocus.com/archive/1/484669/100/100/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5580

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5580

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/484669/100/100/threaded

Trust: 0.6

url:http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml

Trust: 0.5

url:http://www.cisco.com/en/us/products/sw/secursw/ps5057/index.html

Trust: 0.3

url:/archive/1/484625

Trust: 0.3

url:/archive/1/484669

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-5580

Trust: 0.1

url:http://cve.mitre.org

Trust: 0.1

url:http://www.nsfocus.com

Trust: 0.1

url:http://www.cisco.com/pcgi-bin/tablebuild.pl/csm-app?psrtdcat20e2

Trust: 0.1

url:http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv

Trust: 0.1

url:http://secunia.com/product/11019/

Trust: 0.1

url:http://secunia.com/product/2806/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/2867/

Trust: 0.1

url:http://secunia.com/advisories/27947/

Trust: 0.1

url:http://secunia.com/product/12423/

Trust: 0.1

url:http://secunia.com/product/5363/

Trust: 0.1

url:http://secunia.com/product/2869/

Trust: 0.1

url:http://secunia.com/product/4246/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://www.cisco.com/pcgi-bin/tablebuild.pl/csahf-crypto?psrtdcat20e2

Trust: 0.1

url:http://secunia.com/product/14776/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des?psrtdcat20e2

Trust: 0.1

url:http://secunia.com/product/2769/

Trust: 0.1

url:http://secunia.com/product/13662/

Trust: 0.1

url:http://secunia.com/product/2770/

Trust: 0.1

url:http://secunia.com/product/2868/

Trust: 0.1

sources: VULHUB: VHN-28942 // BID: 26723 // JVNDB: JVNDB-2007-002807 // PACKETSTORM: 61561 // PACKETSTORM: 61542 // CNNVD: CNNVD-200712-412 // NVD: CVE-2007-5580

CREDITS

The vendor disclosed this issue.

Trust: 0.3

sources: BID: 26723

SOURCES

db: VULHUB, id: VHN-28942
db: BID, id: 26723
db: JVNDB, id: JVNDB-2007-002807
db: PACKETSTORM, id: 61561
db: PACKETSTORM, id: 61542
db: CNNVD, id: CNNVD-200712-412
db: NVD, id: CVE-2007-5580

LAST UPDATE DATE

2024-11-23T22:43:18.934000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-28942, date: 2018-10-15T00:00:00
db: BID, id: 26723, date: 2007-12-06T21:12:00
db: JVNDB, id: JVNDB-2007-002807, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200712-412, date: 2021-12-20T00:00:00
db: NVD, id: CVE-2007-5580, date: 2024-11-21T00:38:14.630

SOURCES RELEASE DATE

db: VULHUB, id: VHN-28942, date: 2007-12-15T00:00:00
db: BID, id: 26723, date: 2007-12-05T00:00:00
db: JVNDB, id: JVNDB-2007-002807, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 61561, date: 2007-12-07T17:55:22
db: PACKETSTORM, id: 61542, date: 2007-12-07T16:22:07
db: CNNVD, id: CNNVD-200712-412, date: 2007-12-14T00:00:00
db: NVD, id: CVE-2007-5580, date: 2007-12-15T01:46:00