CVE-2009-1161

CWE-22Path Traversal4 documents4 sources
Severity
10.0CRITICAL
EPSS
1.4%
top 19.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Cisco Ciscoworks Common ServicesCisco Ciscoworks Health AND Utilization MonitorCisco Ciscoworks LAN Management Solution+7 more
Timeline
PublishedMay 21
Latest updateMay 2

Description

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages10 packages

NVDcisco/security_manager3.0, 3.1, 3.2+2

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-p549-g2jj-vm8x: Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 32022-05-02
CVEList
CVE-2009-1161: Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 32009-05-21

📋Vendor Advisories

1
Cisco
CiscoWorks TFTP Directory Traversal Vulnerability2009-05-20