CVE-2009-2977

Severity

32%

Complexity

65%

Confidentiality

48%

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files.

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files.

CVSS 2.0 Base Score 3.3. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: low. CVSS Vector: (AV:A/AC:L/Au:N/C:P/I:N/A:N).

Overview

First reported 15 years ago

2009-08-27 17:30:00

Last updated 6 years ago

2018-10-10 19:42:00

Affected Software

Cisco CS-MARS 4.1

4.1

Cisco CS-MARS 4.1.2

4.1.2

Cisco CS-MARS 4.1.3

4.1.3

Cisco CS-MARS 4.1.5

4.1.5

Cisco CS-MARS

References

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtb52450

20090821 Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier

20090821 Re: Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier

36098

ADV-2009-2364

Vendor Advisory

csmars-sysbacktrace-info-disclosure(52913)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.