CVE-2010-3040

Name of the Vulnerable Software and Affected Versions Cisco Intelligent Contact Manager (ICM) versions prior to 7.0

Description The issue is related to multiple stack-based buffer overflows in the agent.exe component of the Setup Manager in Cisco Intelligent Contact Manager. These overflows can be triggered by remote attackers sending a long parameter in specific TCP packets, including HandleUpgradeAll, AgentUpgrade, HandleQueryNodeInfoReq, or HandleUpgradeTrace. This can lead to the execution of arbitrary code.

Recommendations For versions prior to 7.0, update to version 7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the agent.exe component until a patch is available. Avoid using long parameters in the affected TCP packets, specifically HandleUpgradeAll, AgentUpgrade, HandleQueryNodeInfoReq, and HandleUpgradeTrace, until the issue is resolved.