Multiple Vulnerabilities in CiscoWorks Common Management Foundation
Two vulnerabilities exist in CiscoWorks CMF 2.1 and earlier, the more serious of which could let an attacker execute arbitrary commands on the vulnerable server.
August 16, 2003
Reported August 13, 2003, by Cisco Systems.
VERSIONS AFFECTED
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier
DESCRIPTION
Two vulnerabilities exist in CiscoWorks CMF 2.1 and earlier, the more serious of which could let an attacker execute arbitrary commands on the vulnerable server. The first vulnerability is a privilege escalation that could let a guest user obtain administrative privileges within the application through a specially crafted URL. The second vulnerability involves an error in processing user input that could let a user run arbitrary commands on the CiscoWorks server.
VENDOR RESPONSE
Cisco has published a notice regarding these vulnerabilities and is making patches available for CMF 2.1 and CMF 2.0 free of charge through standard support channels.
CREDIT
Discovered by Omicron from Portcullis Computer Security Ltd.