CVE-2008-3820

critical

Description

Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/48134

http://www.vupen.com/english/advisories/2009/0214

http://www.securitytracker.com/id?1021619

http://www.securityfocus.com/bid/33381

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6192a.shtml

http://secunia.com/advisories/33633

Details

Source: Mitre, NVD

Published: 2009-01-22

Updated: 2017-08-08

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical