CVE-2011-2738
CVE-2011-2738 is a critical-severity vulnerability in Emc Ionix Acm with a CVSS 2.0 base score of 10.0. Its EPSS exploit-prediction score of 11% places it in the 95th percentile, indicating an elevated likelihood of exploitation.
Key facts
- Severity: Critical (CVSS 2.0 base score 10.0)
- EPSS exploit prediction: 11% (95th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Emc Ionix Acm
- Published:
- Last modified:
Description
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.
Frequently asked questions
- What is CVE-2011-2738?
- Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.
- How severe is CVE-2011-2738?
- CVE-2011-2738 has a CVSS 2.0 base score of 10.0, rated critical severity.
- Is CVE-2011-2738 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 11% (95th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2011-2738?
- CVE-2011-2738 primarily affects Emc Ionix Acm. In total, 28 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2011-2738?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2011-2738 published?
- CVE-2011-2738 was published on 2011-09-19 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/45979
- http://secunia.com/advisories/46016
- http://secunia.com/advisories/46052
- http://secunia.com/advisories/46053
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351e.shtml
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9351f.shtml
- http://www.osvdb.org/75442
- http://www.securityfocus.com/archive/1/519646/100/0/threaded
- http://www.securityfocus.com/bid/49627
- http://www.securityfocus.com/bid/49644
- http://www.securitytracker.com/id?1026046
- http://www.securitytracker.com/id?1026047
- http://www.securitytracker.com/id?1026048
- http://www.securitytracker.com/id?1026059
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69828
Affected products (28)
- cpe:2.3:a:cisco:unified_service_monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_service_monitor:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_service_monitor:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_service_monitor:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_service_monitor:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_service_monitor:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_service_monitor:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_service_monitor:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:december_2007:*:*:*:*:*:*
- cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ciscoworks_lan_management_solution:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:ciscoworks_lan_management_solution:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_operations_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_operations_manager:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_operations_manager:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_operations_manager:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_operations_manager:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:emc:ionix_acm:*:*:*:*:*:*:*:*
- cpe:2.3:a:emc:ionix_asam:*:*:*:*:*:*:*:*
- cpe:2.3:a:emc:ionix_ip:*:*:*:*:*:*:*:*