CVE-2010-0138

Name of the Vulnerable Software and Affected Versions CiscoWorks Internetwork Performance Monitor (IPM) versions 2.6 and earlier

Description The issue is related to a buffer overflow in the Cisco CiscoWorks Internetwork Performance Monitor (IPM) that allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request. This is related to a third-party component.

Recommendations For CiscoWorks Internetwork Performance Monitor (IPM) versions 2.6 and earlier, consider disabling the getProcessName function in the GIOP request handling until a patch is available. Restrict access to the vulnerable CORBA GIOP endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.