CVE-2010-0589

Published Apr 15, 2010

Last updated a month ago

CVSS info 9.3

Overview

Description: The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.
Source: psirt@cisco.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B5E0489-A3D0-4FA8-BF36-7C329090F075",
            "versionEndIncluding": "3.5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EE6B79A-FD31-4637-BE22-EEADF63B94FF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F2F8EA5-8DEF-48D0-9E7F-6047D4AECC5C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59D841B0-3D1B-4F1C-87F1-D0355955E49C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_desktop:3.1.1.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F13E414E-E56E-496E-A952-F93DCF1B1BDC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_desktop:3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D7A8878-2E0F-4140-86DF-75999B47E4F5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_desktop:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4932BA9E-4156-4445-93E9-7A9F1D81090B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_desktop:3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3497EB29-C406-44C1-AB28-0DDC4E79A9D9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C63D54D-6424-4767-9832-41E7F0B1D1E9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4D4CF6F-2F81-45B0-9B5B-C8D79E74D6F4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA0286A4-6011-41DF-B607-44CFBBFD437F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_desktop:3.4.2048:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE277431-4101-4C0F-91DB-A1C15C0344FF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References