CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
75.3%
The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | security_agent | 3 | cpe:2.3:a:cisco:security_agent:3:*:*:*:*:*:*:* |
cisco | security_agent | 4.0 | cpe:2.3:a:cisco:security_agent:4.0:*:*:*:*:*:*:* |
cisco | security_agent | 4.0.1 | cpe:2.3:a:cisco:security_agent:4.0.1:*:*:*:*:*:*:* |
cisco | security_agent | 4.0.2 | cpe:2.3:a:cisco:security_agent:4.0.2:*:*:*:*:*:*:* |
cisco | security_agent | 4.0.3 | cpe:2.3:a:cisco:security_agent:4.0.3:*:*:*:*:*:*:* |
okena | stormwatch | 3.x | cpe:2.3:a:okena:stormwatch:3.x:*:*:*:*:*:*:* |