CVE-2008-3820

Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
ciscosecurity_manager
*
ciscosecurity_manager
3.1
ciscosecurity_manager
3.1.1
ciscosecurity_manager
3.1.1:sp3
ciscosecurity_manager
3.2
ciscosecurity_manager
3.2:sp2
ciscosecurity_manager
3.2.1
ciscosecurity_manager
3.2.1:sp1
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/33633
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6192a.shtml
http://www.securityfocus.com/bid/33381
http://www.securitytracker.com/id?1021619
http://www.vupen.com/english/advisories/2009/0214
https://exchange.xforce.ibmcloud.com/vulnerabilities/48134
http://secunia.com/advisories/33633
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6192a.shtml
http://www.securityfocus.com/bid/33381
http://www.securitytracker.com/id?1021619
http://www.vupen.com/english/advisories/2009/0214
https://exchange.xforce.ibmcloud.com/vulnerabilities/48134