ID

VAR-201102-0113


CVE

CVE-2011-0925


TITLE

Cisco Secure Desktop Vulnerabilities in downloading unintended programs

Trust: 0.8

sources: JVNDB: JVNDB-2011-003094

DESCRIPTION

The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe. This is a different vulnerability than CVE-2010-0589 and CVE-2011-0926. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within CSDWebInstaller.ocx. The CSDWebInstallerCtrl ActiveX control allows downloading and executing any Cisco-signed executable file. By renaming a Cisco-signed executable file to inst.exe and putting it on a webserver, an attacker can subsequently exploit vulnerabilities in the Cisco-signed executable file remotely.

Cisco Secure Desktop is a product that reduces the risk of cookies, browser history, temporary files, and downloads being left on the system after remote user logout or SSL VPN session timeout. CSDWebInstaller.ocx contains a flaw. Attackers may exploit this issue to put malicious files in arbitrary locations on a victim's computer.

Vendor Response: February 23, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.

Mitigations: Cisco states that they will have a patch for this issue on March 31st, 2011. In the meantime, we suggest users implement the mitigations below. The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\705EC6D4-B138-4079-A307-EF13E4889A82

If the Compatibility Flags value is set to 0x00000400 the control can no longer be instantiated inside the browser.
For more information, please see: http://support.microsoft.com/kb/240797

Disclosure Timeline:
2010-08-25 - Vulnerability reported to vendor
2011-02-23 - Coordinated public release of advisory

Credit: This vulnerability was discovered by: Anonymous

Trust: 3.24

sources: NVD: CVE-2011-0925 // JVNDB: JVNDB-2011-003094 // ZDI: ZDI-11-092 // CNVD: CNVD-2011-0753 // BID: 46538 // VULHUB: VHN-48870 // PACKETSTORM: 98693

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-0753

AFFECTED PRODUCTS

vendor: cisco, model: secure desktop, scope: -, version: -

Trust: 2.1

vendor: cisco, model: secure desktop, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: secure desktop, scope: eq, version: 3.1

Trust: 0.9

vendor: cisco, model: secure desktop, scope: eq, version: 3.1.1.33

Trust: 0.9

vendor: cisco, model: secure desktop, scope: eq, version: 3.1.1.45

Trust: 0.9

vendor: cisco, model: secure desktop, scope: eq, version: 3.2

Trust: 0.9

vendor: cisco, model: secure desktop, scope: eq, version: 3.1.1

Trust: 0.9

vendor: cisco, model: secure desktop, scope: eq, version: 3.4.2048

Trust: 0.9

vendor: cisco, model: secure desktop, scope: eq, version: 3.5.841

Trust: 0.9

vendor: cisco, model: secure desktop, scope: eq, version: 3.5.1077

Trust: 0.9

sources: ZDI: ZDI-11-092 // CNVD: CNVD-2011-0753 // BID: 46538 // JVNDB: JVNDB-2011-003094 // CNNVD: CNNVD-201102-378 // NVD: CVE-2011-0925

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-0925
value: HIGH

Trust: 1.0

NVD: CVE-2011-0925
value: HIGH

Trust: 0.8

ZDI: CVE-2011-0925
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201102-378
value: CRITICAL

Trust: 0.6

VULHUB: VHN-48870
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-0925
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2011-0925
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-48870
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-11-092 // VULHUB: VHN-48870 // JVNDB: JVNDB-2011-003094 // CNNVD: CNNVD-201102-378 // NVD: CVE-2011-0925

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-48870 // JVNDB: JVNDB-2011-003094 // NVD: CVE-2011-0925

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 98693 // CNNVD: CNNVD-201102-378

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201102-378

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003094

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-48870

PATCH

title: Top Page
url: http://www.cisco.com/

Trust: 0.8

title: February 28, 2011 Vendor provided: 23, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. -- Mitigations: Cisco states that they will have a patch for this issue on March 31st, 2011. In the meantime, we suggest users implement the mitigations below. The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\705EC6D4-B138-4079-A307-EF13E4889A82 If the Compatibility Flags value is set to 0x00000400 the control can no longer be instantiated inside the browser. For more information, please see: http://support.microsoft.com/kb/240797
url: http://tools.cisco.com/security/center/viewAlert.x?alertId=22528---February

Trust: 0.7

sources: ZDI: ZDI-11-092 // JVNDB: JVNDB-2011-003094

EXTERNAL IDS

db: NVD, id: CVE-2011-0925

Trust: 4.2

db: ZDI, id: ZDI-11-092

Trust: 3.4

db: BID, id: 46538

Trust: 1.4

db: SECTRACK, id: 1025118

Trust: 1.1

db: SREASON, id: 8108

Trust: 1.1

db: VUPEN, id: ADV-2011-0513

Trust: 1.1

db: JVNDB, id: JVNDB-2011-003094

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-862

Trust: 0.7

db: CNNVD, id: CNNVD-201102-378

Trust: 0.7

db: CNVD, id: CNVD-2011-0753

Trust: 0.6

db: BUGTRAQ, id: 20110223 ZDI-11-092: (0DAY) CISCO SECURE DESKTOP CSDWEBINSTALLER ACTIVEX CONTROL CLEANER.CAB REMOTE CODE EXECUTION VULNERABILITY

Trust: 0.6

db: NSFOCUS, id: 16503

Trust: 0.6

db: PACKETSTORM, id: 98693

Trust: 0.2

db: VULHUB, id: VHN-48870

Trust: 0.1

sources: ZDI: ZDI-11-092 // CNVD: CNVD-2011-0753 // VULHUB: VHN-48870 // BID: 46538 // JVNDB: JVNDB-2011-003094 // PACKETSTORM: 98693 // CNNVD: CNNVD-201102-378 // NVD: CVE-2011-0925

REFERENCES

url:http://zerodayinitiative.com/advisories/zdi-11-092/

Trust: 1.7

url:http://www.securityfocus.com/bid/46538

Trust: 1.1

url:http://www.securityfocus.com/archive/1/516648/100/0/threaded

Trust: 1.1

url:http://www.securitytracker.com/id?1025118

Trust: 1.1

url:http://securityreason.com/securityalert/8108

Trust: 1.1

url:http://www.vupen.com/english/advisories/2011/0513

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/65754

Trust: 1.1

url:http://www.zerodayinitiative.com/advisories/zdi-11-092/

Trust: 0.9

url:http://support.microsoft.com/kb/240797

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0925

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0925

Trust: 0.8

url:http://tools.cisco.com/security/center/viewalert.x?alertid=22528---february

Trust: 0.7

url:http://www.securityfocus.com/archive/1/archive/1/516648/100/0/threaded

Trust: 0.6

url:http://www.nsfocus.net/vulndb/16503

Trust: 0.6

url:http://tools.cisco.com/security/center/viewalert.x?alertid=22528

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps6742/tsd_products_support_series_home.html

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/disclosure_policy/

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://twitter.com/thezdi

Trust: 0.1

url:http://www.tippingpoint.com

Trust: 0.1

url:http://www.zerodayinitiative.com

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-11-092

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0925

Trust: 0.1

sources: ZDI: ZDI-11-092 // CNVD: CNVD-2011-0753 // VULHUB: VHN-48870 // BID: 46538 // JVNDB: JVNDB-2011-003094 // PACKETSTORM: 98693 // CNNVD: CNNVD-201102-378 // NVD: CVE-2011-0925

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-11-092

SOURCES

db: ZDI, id: ZDI-11-092
db: CNVD, id: CNVD-2011-0753
db: VULHUB, id: VHN-48870
db: BID, id: 46538
db: JVNDB, id: JVNDB-2011-003094
db: PACKETSTORM, id: 98693
db: CNNVD, id: CNNVD-201102-378
db: NVD, id: CVE-2011-0925

LAST UPDATE DATE

2024-11-23T22:39:17.346000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-11-092, date: 2011-02-28T00:00:00
db: CNVD, id: CNVD-2011-0753, date: 2011-02-24T00:00:00
db: VULHUB, id: VHN-48870, date: 2018-10-09T00:00:00
db: BID, id: 46538, date: 2015-03-19T08:49:00
db: JVNDB, id: JVNDB-2011-003094, date: 2011-11-29T00:00:00
db: CNNVD, id: CNNVD-201102-378, date: 2011-03-01T00:00:00
db: NVD, id: CVE-2011-0925, date: 2024-11-21T01:25:10.940

SOURCES RELEASE DATE

db: ZDI, id: ZDI-11-092, date: 2011-02-28T00:00:00
db: CNVD, id: CNVD-2011-0753, date: 2011-02-24T00:00:00
db: VULHUB, id: VHN-48870, date: 2011-02-28T00:00:00
db: BID, id: 46538, date: 2011-02-23T00:00:00
db: JVNDB, id: JVNDB-2011-003094, date: 2011-11-29T00:00:00
db: PACKETSTORM, id: 98693, date: 2011-02-24T01:23:43
db: CNNVD, id: CNNVD-201102-378, date: 2011-02-28T00:00:00
db: NVD, id: CVE-2011-0925, date: 2011-02-28T16:00:01.320