CVE-2010-0138 : Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 a

Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.

Published 2010-01-21 22:30:01

Updated 2025-04-11 00:51:22

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2010-0138

Cisco » Ciscoworks Internetwork Performance Monitor
Versions up to, including, (<=) 2.6
cpe:2.3:a:cisco:ciscoworks_internetwork_performance_monitor:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Cisco » Ciscoworks Internetwork Performance Monitor » Version: 2.5
cpe:2.3:a:cisco:ciscoworks_internetwork_performance_monitor:2.5:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Cisco » Ciscoworks Internetwork Performance Monitor » Version: 2.4
cpe:2.3:a:cisco:ciscoworks_internetwork_performance_monitor:2.4:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows

Exploit prediction scoring system (EPSS) score for CVE-2010-0138

EPSS FAQ

10.86%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2010-0138

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-0138

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0138

http://securitytracker.com/id?1023484

CiscoWorks Internetwork Performance Monitor CORBA GIOP Buffer Overflow Lets Remote Users Execute Arbitrary Code - SecurityTracker
http://www.vupen.com/english/advisories/2010/0184

Webmail | OVH- OVH
Vendor Advisory
http://www.securityfocus.com/bid/37879

Cisco CiscoWorks Internetwork Performance Monitor CORBA GIOP Remote Buffer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-004/

ZDI-10-004 | Zero Day Initiative
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtml

CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability - Cisco
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/55768

CiscoWorks IPM CORBA buffer overflow CVE-2010-0138 Vulnerability Report
http://secunia.com/advisories/38230

Sign in
Vendor Advisory

Jump to

Vulnerability Details : CVE-2010-0138

Products affected by CVE-2010-0138

Exploit prediction scoring system (EPSS) score for CVE-2010-0138

CVSS scores for CVE-2010-0138

CWE ids for CVE-2010-0138

References for CVE-2010-0138