CVE-2003-0731

Name of the Vulnerable Software and Affected Versions: CiscoWorks Common Management Foundation (CMF) versions 2.1 and earlier

Description: The issue allows the guest user to gain administrative privileges via a certain POST request to "com.cisco.nm.cmf.servlet.CsAuthServlet", possibly involving the cmd parameter with a modifyUser value and a modified priviledges parameter.

Recommendations: For CiscoWorks Common Management Foundation (CMF) versions 2.1 and earlier, as a temporary workaround, consider restricting access to the com.cisco.nm.cmf.servlet.CsAuthServlet endpoint until a patch is available. Avoid using the cmd parameter with a modifyUser value and the priviledges parameter in the affected endpoint until the issue is resolved.