Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0731

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-0731
Last Modified 10 Sep 2008 03:20:19
Published 20 Oct 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0731

Summary

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.

Vulnerable Systems

Operating System

  • Ciscoworks Cd1 1st

  • Ciscoworks Cd1 2nd

  • Ciscoworks Cd1 3rd

  • Ciscoworks Cd1 4th

  • Ciscoworks Cd1 5th

Application

  • Cisco Resource Manager 1.0

  • Cisco Resource Manager 1.1

  • Cisco Resource Manager Essentials 2.0

  • Cisco Resource Manager Essentials 2.1

  • Cisco Resource Manager Essentials 2.2

  • Ciscoworks Common Management Foundation 2.0

  • Ciscoworks Common Management Foundation 2.1


References

CISCO - 20030813 CiscoWorks Application Vulnerabilities

BUGTRAQ - 20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities


Last Updated: 27 May 2016 10:38:01