CVE-2011-0966

Name of the Vulnerable Software and Affected Versions Cisco CiscoWorks Common Services versions 3.3 and earlier

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files by utilizing a .. (dot dot) in the file parameter of the cwhp/auditLog.do endpoint in the Homepage Auditing component.

Recommendations For versions 3.3 and earlier, restrict access to the cwhp/auditLog.do endpoint to minimize the risk of exploitation. Avoid using the file parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.