PT-2009-3720 · Cisco · Ciscoworks Common Services+5
Jun Okada
·
Publicado
2009-05-21
·
Atualizado
2009-06-09
·
CVE-2009-1161
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco CiscoWorks Common Services (CWCS) versions 3.0.x through 3.2.x
Description
A directory traversal issue in the TFTP service of Cisco CiscoWorks Common Services allows remote attackers to access arbitrary files. This issue affects various Cisco products, including Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, and Unified Provisioning Manager.
Recommendations
For Cisco CiscoWorks Common Services versions 3.0.x through 3.2.x, consider restricting access to the TFTP service until a fix is available. As a temporary workaround, limit the exposure of the TFTP service to only necessary users and networks.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ciscoworks Common Services
Hp Security Manager
Telepresence Readiness Assessment Manager
Unified Operations Manager
Unified Provisioning Manager
Unified Service Monitor