Vulnerability CVE-2009-1161


Published: 2009-05-21   Modified: 2012-02-13

Description:
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cisco -> Ciscoworks common services 
Cisco -> Ciscoworks health and utilization monitor 
Cisco -> Ciscoworks lan management solution 
Cisco -> Ciscoworks qos policy manager 
Cisco -> Ciscoworks voice manager 
Cisco -> Security manager 
Cisco -> Telepresence readiness assessment manager 
Cisco -> Unified operations manager 
Cisco -> Unified provisioning manager 
Cisco -> Unified service monitor 

 References:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml
http://www.vupen.com/english/advisories/2009/1390
http://www.securityfocus.com/bid/35040
http://securitytracker.com/id?1022263
http://secunia.com/advisories/35179
http://osvdb.org/54616
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html
http://jvn.jp/en/jp/JVN62527913/index.html

Copyright 2024, cxsecurity.com

 

Back to Top