CVE-2007-1257

{"id": "CVE-2007-1257", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-03-03T20:19:00.000", "references": [{"url": "http://osvdb.org/33066", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24344", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/472412", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22751", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1017710", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0783", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32750", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/33066", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24344", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/472412", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/22751", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1017710", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/0783", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32750", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5188", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address."}, {"lang": "es", "value": "El M\u00f3dulo Network Analysis (NAM) del Cisco Catalyst Series 6000, 6500 y 7600 permite a atacantes remotos ejecutar comandos de su elecci\u00f3n mediante ciertos paquetes SNMP que son simulados desde la propia direcci\u00f3n IP del NAM."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:network_analysis_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD82BCCE-F68A-48A5-B484-98D9C3024E3A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A2AF1C7-23EB-4C13-AC71-4FA7E78E8ED7"}, {"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2C1E3F7-D48E-4AF1-8205-33EB71E09E09"}, {"criteria": "cpe:2.3:h:cisco:catalyst_6000_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2DF345D-AD8A-4DE6-8136-6EF7B011E4B1"}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC58B690-8D30-4A04-82AA-A827F87DEE02"}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41491D13-A3F9-464A-A84B-A58320838CBD"}, {"criteria": "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD4D3F34-A1B3-4469-BF21-666FDAE9198B"}, {"criteria": "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B64454B8-75A5-4A63-A4DC-ECA17CFBCD7E"}, {"criteria": "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A1FA93-21B3-4CD4-8A62-C66D82CFB2D5"}, {"criteria": "cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32583745-9640-4032-B1E1-598ABB4E89A0"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml#@ID\r\n\r\n\"Only Cisco Catalyst systems that have a NAM on them are affected. This vulnerability affects systems that run Internetwork Operating System (IOS) or Catalyst Operating System (CatOS). \"", "sourceIdentifier": "cve@mitre.org"}