Vulnerability CVE-2009-0615


Published: 2009-02-26   Modified: 2012-02-13

Description:
Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions."

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cisco -> Application control engine device manager 
Cisco -> Application networking manager 

 References:
http://www.securitytracker.com/id?1021770
http://www.securityfocus.com/bid/33903
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc84.shtml

Copyright 2022, cxsecurity.com

 

Back to Top