製品・ソフトウェアに関する情報

JVN脆弱性詳細

Cisco Unified Service Monitor における任意のコードを実行される脆弱性

Title	Cisco Unified Service Monitor における任意のコードを実行される脆弱性
Summary	Cisco Unified Operations Manager および CiscoWorks LAN Management Solution で使用される Cisco Unified Service Monitor には、任意のコードを実行される脆弱性が存在します。本問題は、Bug ID CSCtn42961 および CSCtn64922 の問題です。
Possible impacts	第三者により、巧妙に細工された TCP ポート 9002 のパケットを介して、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 14, 2011, midnight
Registration Date	Sept. 22, 2011, 3:55 p.m.
Last Update	Sept. 22, 2011, 3:55 p.m.

CVSS2.0 : 危険
Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected System

シスコシステムズ

Cisco Unified Operations Manager 8.6 未満

Cisco Unified Service Monitor

CiscoWorks LAN Management Solution (LMS) 4.1 未満の 3.x および 4.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-2738	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2738
National Vulnerability Database (NVD)
2	CVE-2011-2738	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2738

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Cisco Security Advisory
1	cisco-sa-20110914-cusm	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml
2	cisco-sa-20110914-lms	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml
シスコセキュリティアドバイザリ
3	cisco-sa-20110914-cusm	http://www.cisco.com/cisco/web/support/JP/110/1108/1108578_cisco-sa-20110914-cusm-j.html
4	cisco-sa-20110914-lms	http://www.cisco.com/cisco/web/support/JP/110/1108/1108577_cisco-sa-20110914-lms-j.html

その他

No	Name	URL
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
1	75442	http://osvdb.org/75442
Secunia Advisory
2	SA45979	http://secunia.com/advisories/45979
3	SA46016	http://secunia.com/advisories/46016
SecurityFocus
4	49627	http://www.securityfocus.com/bid/49627
SecurityTracker
5	1026047	http://www.securitytracker.com/id?1026047
6	1026048	http://www.securitytracker.com/id?1026048

Change Log

No	Changed Details	Date of change
0	[2011年09月22日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-2738

Summary	Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.
Publication Date	Sept. 19, 2011, 9:02 p.m.
Registration Date	Jan. 28, 2021, 4:39 p.m.
Last Update	Nov. 21, 2024, 10:28 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:cisco:unified_service_monitor::::::::		8.5
cpe:2.3:a:cisco:unified_service_monitor:1.1:::::::*
cpe:2.3:a:cisco:unified_service_monitor:2.0:::::::*
cpe:2.3:a:cisco:unified_service_monitor:2.0.1:::::::*
cpe:2.3:a:cisco:unified_service_monitor:2.1:::::::*
cpe:2.3:a:cisco:unified_service_monitor:2.2:::::::*
cpe:2.3:a:cisco:unified_service_monitor:2.3:::::::*
cpe:2.3:a:cisco:unified_service_monitor:8.0:::::::*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:::::::*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:december_2007::::::
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:::::::*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.2:::::::*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:4.0:::::::*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:4.0.1:::::::*
cpe:2.3:a:cisco:unified_operations_manager::::::::		8.5
cpe:2.3:a:cisco:unified_operations_manager:1.0:::::::*
cpe:2.3:a:cisco:unified_operations_manager:1.1:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.0:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.0.1:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.0.2:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.0.3:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.1:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.2:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.3:::::::*
cpe:2.3:a:cisco:unified_operations_manager:8.0:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:emc:ionix_ip::::::::		8.1.1.1
cpe:2.3:a:emc:ionix_acm::::::::		2.3
cpe:2.3:a:emc:ionix_asam::::::::		3.2.0.2

Related information, measures and tools

No	URL	タグ
1	http://secunia.com/advisories/45979	Vendor Advisory
2	http://secunia.com/advisories/46016	Vendor Advisory
3	http://secunia.com/advisories/46052	Vendor Advisory
4	http://secunia.com/advisories/46053	Vendor Advisory
5	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml	Vendor Advisory
6	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml	Vendor Advisory
7	http://www.osvdb.org/75442
8	http://www.securityfocus.com/archive/1/519646/100/0/threaded
9	http://www.securityfocus.com/bid/49627
10	http://www.securityfocus.com/bid/49644
11	http://www.securitytracker.com/id?1026046
12	http://www.securitytracker.com/id?1026047
13	http://www.securitytracker.com/id?1026048
14	http://www.securitytracker.com/id?1026059
15	https://exchange.xforce.ibmcloud.com/vulnerabilities/69828
16	http://secunia.com/advisories/45979	Vendor Advisory
17	https://exchange.xforce.ibmcloud.com/vulnerabilities/69828
18	http://www.securitytracker.com/id?1026059
19	http://www.securitytracker.com/id?1026048
20	http://www.securitytracker.com/id?1026047
21	http://www.securitytracker.com/id?1026046
22	http://www.securityfocus.com/bid/49644
23	http://www.securityfocus.com/bid/49627
24	http://www.securityfocus.com/archive/1/519646/100/0/threaded
25	http://www.osvdb.org/75442
26	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml	Vendor Advisory
27	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml	Vendor Advisory
28	http://secunia.com/advisories/46053	Vendor Advisory
29	http://secunia.com/advisories/46052	Vendor Advisory
30	http://secunia.com/advisories/46016	Vendor Advisory

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:cisco:unified_service_monitor::::::::		8.5
cpe:2.3:a:cisco:unified_service_monitor:1.1:::::::*
cpe:2.3:a:cisco:unified_service_monitor:2.0:::::::*
cpe:2.3:a:cisco:unified_service_monitor:2.0.1:::::::*
cpe:2.3:a:cisco:unified_service_monitor:2.1:::::::*
cpe:2.3:a:cisco:unified_service_monitor:2.2:::::::*
cpe:2.3:a:cisco:unified_service_monitor:2.3:::::::*
cpe:2.3:a:cisco:unified_service_monitor:8.0:::::::*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:::::::*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:december_2007::::::
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:::::::*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.2:::::::*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:4.0:::::::*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:4.0.1:::::::*
cpe:2.3:a:cisco:unified_operations_manager::::::::		8.5
cpe:2.3:a:cisco:unified_operations_manager:1.0:::::::*
cpe:2.3:a:cisco:unified_operations_manager:1.1:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.0:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.0.1:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.0.2:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.0.3:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.1:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.2:::::::*
cpe:2.3:a:cisco:unified_operations_manager:2.3:::::::*
cpe:2.3:a:cisco:unified_operations_manager:8.0:::::::*