CVE-2003-0731 — Cisco Ciscoworks CD1 vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

0.4%

top 40.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Ciscoworks CD1 Cisco Ciscoworks Common Management Foundation Cisco Resource Manager +1 more

Timeline

PublishedOct 20

Latest updateApr 29

Description

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDcisco/ciscoworks_common_management_foundation2.0, 2.1+1

▶NVDcisco/ciscoworks_cd15 versions+4

▶NVDcisco/resource_manager1.0, 1.1+1

▶NVDcisco/resource_manager_essentials2.0, 2.1, 2.2+2

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-vccp-g983-v87h: CiscoWorks Common Management Foundation (CMF) 2↗2022-04-29

▶

CVEList

CVE-2003-0731: CiscoWorks Common Management Foundation (CMF) 2↗2003-09-04

▶