CVE-2004-1112

Severity

51%

Complexity

49%

Confidentiality

106%

The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.

The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.

CVSS 2.0 Base Score 5.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P).

Overview

Type

Cisco Security Agent

First reported 20 years ago

2005-01-10 05:00:00

Last updated 7 years ago

2017-07-11 01:30:00

Affected Software

Cisco Security Agent 3.x

3

Cisco Security Agent 4.0

4.0

Cisco Security Agent 4.0.1

4.0.1

Cisco Security Agent 4.0.2

4.0.2

Cisco Security Agent 4.0.3

4.0.3

References

P-036

Vendor Advisory

20041111 Crafted Timed Attack Evades Cisco Security Agent Protections

Vendor Advisory

11659

Vendor Advisory

csa-buffer-protection-bypass(18037)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.