CVE-2010-0589

critical Cisco
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
1.6%
Exploitation probability in 30 days
Top 18% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: April 15, 2010 (5872 days ago)
Last Modified: April 29, 2026
Vendor: Cisco
Source: NVD

Description

The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.

CWE

CWE-20

Affected Products

cisco secure desktop

References

🔗 securitytracker.com 🔗 www.cisco.com 🔗 www.securityfocus.com 🔗 www.zerodayinitiative.com 🔗 exchange.xforce.ibmcloud.com