PT-2003-1826 · Cisco · Ciscoworks Common Management Foundation

Published: 2003-09-04 · Updated: 2008-09-10 · CVE-2003-0731

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: CiscoWorks Common Management Foundation (CMF) versions 2.1 and earlier

Description: The issue allows the guest user to gain administrative privileges via a certain POST request to "com.cisco.nm.cmf.servlet.CsAuthServlet", possibly involving the cmd parameter with a modifyUser value and a modified priviledges parameter.

Recommendations: For CiscoWorks Common Management Foundation (CMF) versions 2.1 and earlier, as a temporary workaround, consider restricting access to the com.cisco.nm.cmf.servlet.CsAuthServlet endpoint until a patch is available. Avoid using the cmd parameter with a modifyUser value and the priviledges parameter in the affected endpoint until the issue is resolved.


Related Identifiers

CVE-2003-0731

Affected Products

Ciscoworks Common Management Foundation