Search criteria
4 vulnerabilities found for stormwatch by okena
VAR-200501-0258
Vulnerability from variot - Updated: 2023-12-18 13:35The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period. This aids attackers in exploiting latent vulnerabilities in services protected by the affected package. Versions prior to 4.0.3.728 are reported susceptible to this vulnerability. Versions before CAS4.0.3build728 do not properly handle buffer overflow attacks. If the user has no choice, it will choose to terminate the operation by default. If the attacker continues to carry out the overflow attack during this period of time waiting for the user response, it will be possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200501-0258",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "stormwatch",
"scope": "eq",
"trust": 1.9,
"vendor": "okena",
"version": "3.x"
},
{
"model": "security agent",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "4.0.3"
},
{
"model": "security agent",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "4.0.2"
},
{
"model": "security agent",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "4.0.1"
},
{
"model": "security agent",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "security agent",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3"
},
{
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.x"
},
{
"model": "security agent",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.3.728"
}
],
"sources": [
{
"db": "BID",
"id": "11659"
},
{
"db": "NVD",
"id": "CVE-2004-1112"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-034"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:security_agent:3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:security_agent:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:security_agent:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:okena:stormwatch:3.x:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:security_agent:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:security_agent:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1112"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco PSIRT\u203b psirt@cisco.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-034"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1112",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-9542",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1112",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200501-034",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-9542",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9542"
},
{
"db": "NVD",
"id": "CVE-2004-1112"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-034"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period. This aids attackers in exploiting latent vulnerabilities in services protected by the affected package. \nVersions prior to 4.0.3.728 are reported susceptible to this vulnerability. Versions before CAS4.0.3build728 do not properly handle buffer overflow attacks. If the user has no choice, it will choose to terminate the operation by default. If the attacker continues to carry out the overflow attack during this period of time waiting for the user response, it will be possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1112"
},
{
"db": "BID",
"id": "11659"
},
{
"db": "VULHUB",
"id": "VHN-9542"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "11659",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2004-1112",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200501-034",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20041111 CRAFTED TIMED ATTACK EVADES CISCO SECURITY AGENT PROTECTIONS",
"trust": 0.6
},
{
"db": "XF",
"id": "18037",
"trust": 0.6
},
{
"db": "CIAC",
"id": "P-036",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-9542",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9542"
},
{
"db": "BID",
"id": "11659"
},
{
"db": "NVD",
"id": "CVE-2004-1112"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-034"
}
]
},
"id": "VAR-200501-0258",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9542"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:35:44.704000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1112"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/11659"
},
{
"trust": 1.7,
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/18037"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/secursw/ps5057/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9542"
},
{
"db": "BID",
"id": "11659"
},
{
"db": "NVD",
"id": "CVE-2004-1112"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-034"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-9542"
},
{
"db": "BID",
"id": "11659"
},
{
"db": "NVD",
"id": "CVE-2004-1112"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-034"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-9542"
},
{
"date": "2004-11-11T00:00:00",
"db": "BID",
"id": "11659"
},
{
"date": "2005-01-10T05:00:00",
"db": "NVD",
"id": "CVE-2004-1112"
},
{
"date": "2004-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-034"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9542"
},
{
"date": "2004-11-11T00:00:00",
"db": "BID",
"id": "11659"
},
{
"date": "2017-07-11T01:30:45.137000",
"db": "NVD",
"id": "CVE-2004-1112"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-034"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-034"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco CSA Bypass security mechanism vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-034"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-034"
}
],
"trust": 0.6
}
}
FKIE_CVE-2004-1112
Vulnerability from fkie_nvd - Published: 2005-01-10 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | security_agent | 3 | |
| cisco | security_agent | 4.0 | |
| cisco | security_agent | 4.0.1 | |
| cisco | security_agent | 4.0.2 | |
| cisco | security_agent | 4.0.3 | |
| okena | stormwatch | 3.x |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:security_agent:3:*:*:*:*:*:*:*",
"matchCriteriaId": "F15A5A49-D0DF-4E65-A86E-7B71E7BF0273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1089218C-A480-49CF-A499-5ABDAD017B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA5B2E7-203D-4340-80C1-3CAF1A15A36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "612862DD-0FEE-4FBE-8750-EFC7BA22E792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:security_agent:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "845D746E-3269-4E43-836B-486331EC14EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:okena:stormwatch:3.x:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBF27E6-425B-4B62-BAF4-AF46D2C38C0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period."
}
],
"id": "CVE-2004-1112",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11659"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2004-1112 (GCVE-0-2004-1112)
Vulnerability from cvelistv5 – Published: 2004-12-01 05:00 – Updated: 2024-08-08 00:39
VLAI?
Summary
The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11659",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11659"
},
{
"name": "csa-buffer-protection-bypass(18037)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
},
{
"name": "20041111 Crafted Timed Attack Evades Cisco Security Agent Protections",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"name": "P-036",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11659",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11659"
},
{
"name": "csa-buffer-protection-bypass(18037)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
},
{
"name": "20041111 Crafted Timed Attack Evades Cisco Security Agent Protections",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"name": "P-036",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11659"
},
{
"name": "csa-buffer-protection-bypass(18037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
},
{
"name": "20041111 Crafted Timed Attack Evades Cisco Security Agent Protections",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"name": "P-036",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1112",
"datePublished": "2004-12-01T05:00:00",
"dateReserved": "2004-11-30T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1112 (GCVE-0-2004-1112)
Vulnerability from nvd – Published: 2004-12-01 05:00 – Updated: 2024-08-08 00:39
VLAI?
Summary
The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11659",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11659"
},
{
"name": "csa-buffer-protection-bypass(18037)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
},
{
"name": "20041111 Crafted Timed Attack Evades Cisco Security Agent Protections",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"name": "P-036",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11659",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11659"
},
{
"name": "csa-buffer-protection-bypass(18037)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
},
{
"name": "20041111 Crafted Timed Attack Evades Cisco Security Agent Protections",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"name": "P-036",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11659"
},
{
"name": "csa-buffer-protection-bypass(18037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18037"
},
{
"name": "20041111 Crafted Timed Attack Evades Cisco Security Agent Protections",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml"
},
{
"name": "P-036",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-036.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1112",
"datePublished": "2004-12-01T05:00:00",
"dateReserved": "2004-11-30T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}