CVE-2011-0926

Published Feb 25, 2011

Last updated 6 years ago

Overview

Description: A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.
Source: ykramarz@cisco.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:secure_desktop:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F91DD0D2-B573-4FE3-933A-02E8F4D35E56"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References