CVE-2009-1161
published 2009-05-21CVE-2009-1161: Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified…
PriorityP355critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
12.55%
95.7th percentile
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_health_and_utilization_monitor | — | — |
| cisco | ciscoworks_health_and_utilization_monitor | — | — |
| cisco | ciscoworks_lan_management_solution | — | — |
| cisco | ciscoworks_lan_management_solution | — | — |
| cisco | ciscoworks_lan_management_solution | — | — |
| cisco | ciscoworks_lan_management_solution | — | — |
| cisco | ciscoworks_qos_policy_manager | — | — |
| cisco | ciscoworks_qos_policy_manager | — | — |
| cisco | ciscoworks_voice_manager | — | — |
| cisco | ciscoworks_voice_manager | — | — |
| cisco | security_manager | — | — |
| cisco | security_manager | — | — |
| cisco | security_manager | — | — |
| cisco | telepresence_readiness_assessment_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
| cisco | unified_operations_manager | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p549-g2jj-vm8x: Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3
ghsa_unreviewed·2022-05-02
CVE-2009-1161 [HIGH] CWE-22 GHSA-p549-g2jj-vm8x: Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.
Cisco
CiscoWorks TFTP Directory Traversal Vulnerability
vendor_cisco·2009-05-20·CVSS 10.0
CVE-2009-1161 [CRITICAL] CWE-22 CiscoWorks TFTP Directory Traversal Vulnerability
CiscoWorks TFTP Directory Traversal Vulnerability
CiscoWorks Common Services contains a vulnerability that could allow an
unauthenticated remote attacker to access application and host operating system
files.
Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is
available.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090520-cw.
Cisco
CiscoWorks TFTP Directory Traversal Vulnerability
vendor_cisco
CVE-2009-1161 CiscoWorks TFTP Directory Traversal Vulnerability
CVE-2009-1161: CiscoWorks TFTP Directory Traversal Vulnerability
CiscoWorks Common Services contains a vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files. Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090520-cw .
CWE: CWE-22, CWE-22
Bug IDs: CSCsx07107, CSCsx07107
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://jvn.jp/en/jp/JVN62527913/index.htmlhttp://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.htmlhttp://osvdb.org/54616http://secunia.com/advisories/35179http://securitytracker.com/id?1022263http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtmlhttp://www.securityfocus.com/bid/35040http://www.vupen.com/english/advisories/2009/1390http://jvn.jp/en/jp/JVN62527913/index.htmlhttp://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.htmlhttp://osvdb.org/54616http://secunia.com/advisories/35179http://securitytracker.com/id?1022263http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtmlhttp://www.securityfocus.com/bid/35040http://www.vupen.com/english/advisories/2009/1390
2009-05-21
Published