CVE Vulnerabilities

CVE-2003-0731

Published: Oct 20, 2003 | Modified: Sep 10, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the cmd parameter with a modifyUser value and a modified priviledges parameter.

Affected Software

Name Vendor Start Version End Version
Resource_manager Cisco 1.0 1.0
Resource_manager Cisco 1.1 1.1
Resource_manager_essentials Cisco 2.0 2.0
Resource_manager_essentials Cisco 2.1 2.1
Resource_manager_essentials Cisco 2.2 2.2

References