CVE-2008-3820

EUVD-2008-3806
Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
ciscosecurity_manager
*
ciscosecurity_manager
3.1
ciscosecurity_manager
3.1.1
ciscosecurity_manager
3.1.1:sp3
ciscosecurity_manager
3.2
ciscosecurity_manager
3.2:sp2
ciscosecurity_manager
3.2.1
ciscosecurity_manager
3.2.1:sp1
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/33633
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6192a.shtml
http://www.securityfocus.com/bid/33381
http://www.securitytracker.com/id?1021619
http://www.vupen.com/english/advisories/2009/0214
https://exchange.xforce.ibmcloud.com/vulnerabilities/48134
http://secunia.com/advisories/33633
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6192a.shtml
http://www.securityfocus.com/bid/33381
http://www.securitytracker.com/id?1021619
http://www.vupen.com/english/advisories/2009/0214
https://exchange.xforce.ibmcloud.com/vulnerabilities/48134