Vulnerability Description
Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Security Manager | All versions |
References
- http://secunia.com/advisories/33633Vendor Advisory
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6192a.sPatchVendor Advisory
- http://www.securityfocus.com/bid/33381
- http://www.securitytracker.com/id?1021619
- http://www.vupen.com/english/advisories/2009/0214
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48134
- http://secunia.com/advisories/33633Vendor Advisory
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6192a.sPatchVendor Advisory
- http://www.securityfocus.com/bid/33381
- http://www.securitytracker.com/id?1021619
- http://www.vupen.com/english/advisories/2009/0214
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48134
FAQ
What is CVE-2008-3820?
CVE-2008-3820 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root acc...
How severe is CVE-2008-3820?
CVE-2008-3820 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3820?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Security Manager.