Reported
August 13, 2003, by Cisco Systems.
VERSIONS AFFECTED
DESCRIPTION
Two vulnerabilities exist in CiscoWorks CMF
2.1 and earlier, the more serious of which could let an attacker execute
arbitrary commands on the vulnerable server. The first vulnerability is a
privilege escalation that could let a guest user obtain administrative
privileges within the application through a specially crafted URL. The second
vulnerability involves an error in processing user input that could let a user
run arbitrary commands on the CiscoWorks server.
VENDOR RESPONSE
Cisco has published a
notice regarding these vulnerabilities and is making patches available for
CMF 2.1 and CMF 2.0 free of charge through standard support channels.
CREDIT
Discovered by Omicron from
Portcullis Computer Security Ltd.
Multiple Vulnerabilities in CiscoWorks Common Management Foundation