← Back

CVE-2010-0589

nvd nist
Published: Apr 15, 2010Modified: Apr 29, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.

Affected (12)

Cisco
1 product
Secure Desktop
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Secure Desktop
Up to 3.5
Secure Desktop
Version 3.1.1.27
Secure Desktop
Version 3.1.1.33
Secure Desktop
Version 3.1.1
Secure Desktop
Version 3.1
Secure Desktop
Version 3.2.1
Secure Desktop
Version 3.2
Secure Desktop
Version 3.3
Secure Desktop
Version 3.4.1
Secure Desktop
Version 3.4.2048
Secure Desktop
Version 3.4.2
Secure Desktop
Version 3.4

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

Source: psirt@cisco.com
Source: psirt@cisco.com
PatchVendor Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.