Reported August 13, 2003, by Cisco Systems.

 

 

VERSIONS AFFECTED

 

  • CiscoWorks Common Management Foundation (CMF) 2.1 and earlier

 

 

DESCRIPTION

 

Two vulnerabilities exist in CiscoWorks CMF 2.1 and earlier, the more serious of which could let an attacker execute arbitrary commands on the vulnerable server. The first vulnerability is a privilege escalation that could let a guest user obtain administrative privileges within the application through a specially crafted URL. The second vulnerability involves an error in processing user input that could let a user run arbitrary commands on the CiscoWorks server.

 

VENDOR RESPONSE

 

Cisco has published a notice regarding these vulnerabilities and is making patches available for CMF 2.1 and CMF 2.0 free of charge through standard support channels.

 

CREDIT

 

Discovered by Omicron from Portcullis Computer Security Ltd.
