Details of VAR-201110-0149

ID

VAR-201110-0149

CVE

CVE-2011-2042

TITLE

Cisco CiscoWorks Common Services Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2011-002626

DESCRIPTION

The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018. Cisco CiscoWorks Common Services is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks. This issue is tracked by Cisco BugId CSCsk35018

Trust: 1.98

sources: NVD: CVE-2011-2042 // JVNDB: JVNDB-2011-002626 // BID: 50376 // VULHUB: VHN-49987

AFFECTED PRODUCTS

vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	3.0.3	Trust: 1.9
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	3.1	Trust: 1.9
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	3.0.5	Trust: 1.9
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	3.0.4	Trust: 1.9
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	3.2	Trust: 1.9
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	3.0.6	Trust: 1.9
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	3.0	Trust: 1.9
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	3.3	Trust: 1.9
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	3.1.1	Trust: 1.9
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	4.0.1	Trust: 1.6
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	4.1	Trust: 0.8
vendor:	cisco	model:	ciscoworks common services	scope:	lt	version:	4.x	Trust: 0.8
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	3.x	Trust: 0.8
vendor:	cisco	model:	ciscoworks common services base	scope:	eq	version:	3.3	Trust: 0.3
vendor:	cisco	model:	ciscoworks common services base	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	ciscoworks common services base	scope:	eq	version:	3.6	Trust: 0.3
vendor:	cisco	model:	ciscoworks common services base	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	cisco	model:	ciscoworks common services base	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	cisco	model:	ciscoworks common services base	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	cisco	model:	ciscoworks common services	scope:	ne	version:	4.1	Trust: 0.3
vendor:	cisco	model:	ciscoworks common services	scope:	eq	version:	3.3.0	Trust: 0.3
vendor:	cisco	model:	ciscoworks common services base	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	cisco	model:	ciscoworks common services base	scope:	eq	version:	3.0.6	Trust: 0.3

sources: BID: 50376 // JVNDB: JVNDB-2011-002626 // CNNVD: CNNVD-201110-565 // NVD: CVE-2011-2042

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-2042
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-2042
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201110-565
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-49987
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-2042
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-49987
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-49987 // JVNDB: JVNDB-2011-002626 // CNNVD: CNNVD-201110-565 // NVD: CVE-2011-2042

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-49987 // JVNDB: JVNDB-2011-002626 // NVD: CVE-2011-2042

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-565

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201110-565

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002626

PATCH

title:

cs33rel

url:

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html

Trust: 0.8

sources: JVNDB: JVNDB-2011-002626

EXTERNAL IDS

db:	NVD	id:	CVE-2011-2042	Trust: 2.8
db:	JVNDB	id:	JVNDB-2011-002626	Trust: 0.8
db:	CNNVD	id:	CNNVD-201110-565	Trust: 0.7
db:	NSFOCUS	id:	18038	Trust: 0.6
db:	BID	id:	50376	Trust: 0.4
db:	VULHUB	id:	VHN-49987	Trust: 0.1

sources: VULHUB: VHN-49987 // BID: 50376 // JVNDB: JVNDB-2011-002626 // CNNVD: CNNVD-201110-565 // NVD: CVE-2011-2042

REFERENCES

url:	http://www.cisco.com/en/us/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2042	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2042	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/18038	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-49987 // BID: 50376 // JVNDB: JVNDB-2011-002626 // CNNVD: CNNVD-201110-565 // NVD: CVE-2011-2042

CREDITS

Cisco

Trust: 0.3

sources: BID: 50376

SOURCES

db:	VULHUB	id:	VHN-49987
db:	BID	id:	50376
db:	JVNDB	id:	JVNDB-2011-002626
db:	CNNVD	id:	CNNVD-201110-565
db:	NVD	id:	CVE-2011-2042

LAST UPDATE DATE

2024-11-23T22:39:15.537000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-49987	date:	2012-05-14T00:00:00
db:	BID	id:	50376	date:	2011-10-26T00:00:00
db:	JVNDB	id:	JVNDB-2011-002626	date:	2011-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201110-565	date:	2011-10-24T00:00:00
db:	NVD	id:	CVE-2011-2042	date:	2024-11-21T01:27:30.750

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-49987	date:	2011-10-22T00:00:00
db:	BID	id:	50376	date:	2011-10-26T00:00:00
db:	JVNDB	id:	JVNDB-2011-002626	date:	2011-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201110-565	date:	2011-10-24T00:00:00
db:	NVD	id:	CVE-2011-2042	date:	2011-10-22T02:59:19.103