Podatność CVE-2009-1161


Publikacja: 2009-05-21   Modyfikacja: 2012-02-13

Opis:
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

Typ:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
10/10
10/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
Cisco -> Ciscoworks common services 
Cisco -> Ciscoworks health and utilization monitor 
Cisco -> Ciscoworks lan management solution 
Cisco -> Ciscoworks qos policy manager 
Cisco -> Ciscoworks voice manager 
Cisco -> Security manager 
Cisco -> Telepresence readiness assessment manager 
Cisco -> Unified operations manager 
Cisco -> Unified provisioning manager 
Cisco -> Unified service monitor 

 Referencje:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml
http://www.vupen.com/english/advisories/2009/1390
http://www.securityfocus.com/bid/35040
http://securitytracker.com/id?1022263
http://secunia.com/advisories/35179
http://osvdb.org/54616
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html
http://jvn.jp/en/jp/JVN62527913/index.html

Copyright 2024, cxsecurity.com

 

Back to Top