CVE-2003-0731

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:resource_manager:1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:resource_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:resource_manager_essentials:2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:resource_manager_essentials:2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:resource_manager_essentials:2.2:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ciscoworks_cd1:1st:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ciscoworks_cd1:2nd:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ciscoworks_cd1:3rd:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ciscoworks_cd1:4th:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ciscoworks_cd1:5th:*:*:*:*:*:*:*

History

20 Nov 2024, 23:45

Type Values Removed Values Added
References () http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml - Patch, Vendor Advisory () http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml - Patch, Vendor Advisory
References () http://www.securityfocus.com/archive/1/333028 - Exploit, Vendor Advisory () http://www.securityfocus.com/archive/1/333028 - Exploit, Vendor Advisory

Information

Published : 2003-10-20 04:00

Updated : 2024-11-20 23:45


NVD link : CVE-2003-0731

Mitre link : CVE-2003-0731

CVE.ORG link : CVE-2003-0731


JSON object : View

Products Affected

cisco

  • ciscoworks_cd1
  • resource_manager
  • ciscoworks_common_management_foundation
  • resource_manager_essentials