CVE-2011-0966
published 2011-05-20CVE-2011-0966: Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote…
PriorityP352medium6.8CVSS 2.0
AVNACLAuSCCINAN
EXPLOIT
EPSS
41.35%
98.5th percentile
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ciscoworks_common_services | <= 3.3 | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
| cisco | ciscoworks_common_services | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CiscoWorks Common Services 3.1.1 - Auditing Directory Traversal
exploitdb·2011-05-18
CVE-2011-0966 CiscoWorks Common Services 3.1.1 - Auditing Directory Traversal
CiscoWorks Common Services 3.1.1 - Auditing Directory Traversal
---
source: https://www.securityfocus.com/bid/47905/info
CiscoWorks Common Services is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to gain access to arbitrary files on the targeted system. This may result in the disclosure of sensitive information or lead to a complete compromise of the affected computer.
This issue is being monitored by Cisco Bug ID CSCto35577.
CiscoWorks Common Services 3.3 and prior are vulnerable.
http://www.example.com/cwhp/auditLog.do?file=..\..\..\..\..\..\..\boot.ini
cmfDBA user database info:
http://www.example.com/cwhp/auditLog.do
Exploit-DB
Cisco Unified Operations Manager - Multiple Vulnerabilities
exploitdb·2011-05-18·CVSS 4.3
CVE-2011-0966 [MEDIUM] Cisco Unified Operations Manager - Multiple Vulnerabilities
Cisco Unified Operations Manager - Multiple Vulnerabilities
---
Sense of Security - Security Advisory - SOS-11-006
Release Date. 18-May-2011
Last Update. -
Vendor Notification Date. 28-Feb-2011
Product. Cisco Unified Operations Manager
Common Services Framework Help Servlet
Common Services Device Center
CiscoWorks Homepage
Note: All of the above products are
included by default in CuOM.
Platform. Microsoft Windows
Affected versions. CuOM 8.0 and 8.5 (verified),
possibly others.
Severity Rating. Medium - Low
Impact. Database access, cookie and credential
theft, impersonation, loss of
confidentiality, local file disclosure,
information disclosure.
Attack Vector. Remote with authentication
Solution Status. Vendor patch (upgrade to CuOM 8.6 as
advised by Cisco)
CVE reference. CVE-2011-0959
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlhttp://tools.cisco.com/security/center/viewAlert.x?alertId=23089http://www.exploit-db.com/exploits/17304http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67525http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.htmlhttp://tools.cisco.com/security/center/viewAlert.x?alertId=23089http://www.exploit-db.com/exploits/17304http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67525
2011-05-20
Published