PT-2009-3720 · Cisco · Ciscoworks Common Services+5

Jun Okada

Published

2009-05-21

Updated

2009-06-09

CVE-2009-1161

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco CiscoWorks Common Services (CWCS) versions 3.0.x through 3.2.x

Description A directory traversal issue in the TFTP service of Cisco CiscoWorks Common Services allows remote attackers to access arbitrary files. This issue affects various Cisco products, including Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, and Unified Provisioning Manager.

Recommendations For Cisco CiscoWorks Common Services versions 3.0.x through 3.2.x, consider restricting access to the TFTP service until a fix is available. As a temporary workaround, limit the exposure of the TFTP service to only necessary users and networks.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2009-1161

Affected Products

Ciscoworks Common Services

Hp Security Manager

Telepresence Readiness Assessment Manager

Unified Operations Manager

Unified Provisioning Manager

Unified Service Monitor

PT-2009-3720 · Cisco · Ciscoworks Common Services+5

CVE-2009-1161

Weakness Enumeration

Related Identifiers

Affected Products

References · 9