Vulnerability Description
The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Security Agent | 3 |
| Okena | Stormwatch | 3.x |
References
- http://www.ciac.org/ciac/bulletins/p-036.shtml (Vendor Advisory)
- http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml (Vendor Advisory)
- http://www.securityfocus.com/bid/11659 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18037
FAQ
What is CVE-2004-1112?
CVE-2004-1112 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the...
How severe is CVE-2004-1112?
CVE-2004-1112 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1112?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Security Agent, Okena Stormwatch.