Multiple Vulnerabilities in Cisco Security Agent (cisco-sa-20100217-csa)

Medium | Nessus Plugin ID 69952

Synopsis

The remote host has an endpoint security application installed that is potentially affected by multiple vulnerabilities.

Description

According to the version identified on the Management Center for Cisco Agents web interface, the version of Cisco Security Agent installed on the remote host is affected by multiple vulnerabilities:

- An unspecified directory traversal vulnerability exists in the Management Center. (CVE-2010-0146)

- An unspecified SQL injection vulnerability exists in the Management Center. (CVE-2010-0147)

- An unspecified denial of service (DoS) vulnerability exists in Cisco Security Agent release 5.2. Note that Windows and Sun Solaris versions are not affected by this issue. (CVE-2010-0148)

Solution

Upgrade to Cisco Security Agent 5.1.0.117 / 5.2.0.296 / 6.0.1.132 or later.

See Also

https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20100217-csa.html

Plugin Details

Severity: Medium

ID: 69952

File Name: cisco_csa_management_center_sa20100217.nasl

Version: 1.8

Type: remote

Family: CISCO

Published: 9/18/2013

Updated: 11/27/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2010-0146

Vulnerability Information

CPE: cpe:/a:cisco:security_agent

Required KB Items: www/cisco_security_agent

Exploit Ease: No known exploits are available

Patch Publication Date: 2/17/2010

Vulnerability Publication Date: 2/17/2010

Reference Information

CVE: CVE-2010-0146, CVE-2010-0147, CVE-2010-0148

BID: 38271, 38272, 38273