Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1161

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2009-1161
Last Modified 09 Jun 2009 01:33:31
Published 21 May 2009 10:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1161

Summary

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

Vulnerable Systems

Application

  • Cisco Security Manager 3.0

  • Cisco Security Manager 3.1

  • Cisco Security Manager 3.2

  • Cisco Telepresence Readiness Assessment Manager 1.0

  • Cisco Unified Operations Manager 1.0

  • Cisco Unified Operations Manager 1.1

  • Cisco Unified Operations Manager 2.0

  • Cisco Unified Operations Manager 2.1

  • Cisco Unified Provisioning Manager 1.0

  • Cisco Unified Provisioning Manager 1.1

  • Cisco Unified Provisioning Manager 1.2

  • Cisco Unified Provisioning Manager 1.3

  • Cisco Unified Service Monitor 1.0

  • Cisco Unified Service Monitor 1.1

  • Cisco Unified Service Monitor 2.0

  • Cisco Unified Service Monitor 2.1

  • Ciscoworks Common Services 3.0.3

  • Ciscoworks Common Services 3.0.4

  • Ciscoworks Common Services 3.0.5

  • Ciscoworks Common Services 3.0.6

  • Ciscoworks Common Services 3.1

  • Ciscoworks Common Services 3.1.1

  • Ciscoworks Common Services 3.2

  • Ciscoworks Health And Utilization Monitor 1.0

  • Ciscoworks Health And Utilization Monitor 1.1

  • Ciscoworks Lan Management Solution 2.5

  • Ciscoworks Lan Management Solution 2.6

  • Ciscoworks Lan Management Solution 3.0

  • Ciscoworks Lan Management Solution 3.1

  • Ciscoworks Qos Policy Manager 4.0

  • Ciscoworks Qos Policy Manager 4.1

  • Ciscoworks Voice Manager 3.0

  • Ciscoworks Voice Manager 3.1


References

CISCO - 20090520 CiscoWorks TFTP Directory Traversal Vulnerability

VUPEN - ADV-2009-1390

BID - 35040

SECTRACK - 1022263

SECUNIA - 35179

OSVDB - 54616

JVNDB - JVNDB-2009-000032

JVN - JVN#62527913


Last Updated: 27 May 2016 10:50:28