CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the cmd parameter with a modifyUser value and a modified priviledges parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Resource_manager | Cisco | 1.0 (including) | 1.0 (including) |
Resource_manager | Cisco | 1.1 (including) | 1.1 (including) |
Resource_manager_essentials | Cisco | 2.0 (including) | 2.0 (including) |
Resource_manager_essentials | Cisco | 2.1 (including) | 2.1 (including) |
Resource_manager_essentials | Cisco | 2.2 (including) | 2.2 (including) |