Vulnerability Details CVE-2010-0589
The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.8%
CVSS Severity
CVSS v2 Score 9.3
References
- http://securitytracker.com/id?1023881
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml
- http://www.securityfocus.com/bid/39478
- http://www.zerodayinitiative.com/advisories/ZDI-10-072/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57812
- http://securitytracker.com/id?1023881
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b25d01.shtml
- http://www.securityfocus.com/bid/39478
- http://www.zerodayinitiative.com/advisories/ZDI-10-072/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57812
Products affected by CVE-2010-0589
-
cpe:2.3:a:cisco:secure_desktop:-
-
cpe:2.3:a:cisco:secure_desktop:3.0_base
-
cpe:2.3:a:cisco:secure_desktop:3.1
-
cpe:2.3:a:cisco:secure_desktop:3.1.0.31
-
cpe:2.3:a:cisco:secure_desktop:3.1.1
-
cpe:2.3:a:cisco:secure_desktop:3.1.1.27
-
cpe:2.3:a:cisco:secure_desktop:3.1.1.33
-
cpe:2.3:a:cisco:secure_desktop:3.1.1.45
-
cpe:2.3:a:cisco:secure_desktop:3.1_base
-
cpe:2.3:a:cisco:secure_desktop:3.2
-
cpe:2.3:a:cisco:secure_desktop:3.2.0.136
-
cpe:2.3:a:cisco:secure_desktop:3.2.1
-
cpe:2.3:a:cisco:secure_desktop:3.2.1.103
-
cpe:2.3:a:cisco:secure_desktop:3.2.1.126
-
cpe:2.3:a:cisco:secure_desktop:3.2_base
-
cpe:2.3:a:cisco:secure_desktop:3.3
-
cpe:2.3:a:cisco:secure_desktop:3.3.0.118
-
cpe:2.3:a:cisco:secure_desktop:3.3.0.151
-
cpe:2.3:a:cisco:secure_desktop:3.3_base
-
cpe:2.3:a:cisco:secure_desktop:3.4
-
cpe:2.3:a:cisco:secure_desktop:3.4.0373
-
cpe:2.3:a:cisco:secure_desktop:3.4.1
-
cpe:2.3:a:cisco:secure_desktop:3.4.1108
-
cpe:2.3:a:cisco:secure_desktop:3.4.2
-
cpe:2.3:a:cisco:secure_desktop:3.4.2048
-
cpe:2.3:a:cisco:secure_desktop:3.4_base
-
cpe:2.3:a:cisco:secure_desktop:3.5