CVE-2003-0732

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/333028	Exploit Vendor Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/333028	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:resource_manager:1.0:::::::*
	cpe:2.3:a:cisco:resource_manager:1.1:::::::*
	cpe:2.3:a:cisco:resource_manager_essentials:2.0:::::::*
	cpe:2.3:a:cisco:resource_manager_essentials:2.1:::::::*
	cpe:2.3:a:cisco:resource_manager_essentials:2.2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:1st:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:2nd:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:3rd:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:4th:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:5th:::::::*

History

20 Nov 2024, 23:45

Type	Values Removed	Values Added
References	~~() http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml - Patch, Vendor Advisory~~	() http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/archive/1/333028 - Exploit, Vendor Advisory~~	() http://www.securityfocus.com/archive/1/333028 - Exploit, Vendor Advisory

Information

Published : 2003-10-20 04:00

Updated : 2024-11-20 23:45

NVD link : CVE-2003-0732

Mitre link : CVE-2003-0732

CVE.ORG link : CVE-2003-0732

JSON object : View

Products Affected

cisco

ciscoworks_cd1
resource_manager
ciscoworks_common_management_foundation
resource_manager_essentials

CWE

NVD-CWE-Other

{"id": "CVE-2003-0732", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-10-20T04:00:00.000", "references": [{"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/333028", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/333028", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the \"guest\" user to the Admin user on the Modify or delete users pages."}], "lastModified": "2024-11-20T23:45:23.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:resource_manager:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CD172F3-4964-410A-A7E9-5659DE662734"}, {"criteria": "cpe:2.3:a:cisco:resource_manager:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8305C239-6496-4CF9-9515-FDE7478877E7"}, {"criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2C398A1-1539-4D21-A486-DDE591546949"}, {"criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D70C0ACD-9782-468D-B283-6AA5DBEBAA8C"}, {"criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "006C6865-45CE-4150-9FD6-C31138DBF1DC"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "716ABF75-32B2-4E9A-A612-BA06C5C2E17D"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B"}, {"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:1st:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "419D225D-28FD-4D76-ACBF-45EA35B9973E"}, {"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:2nd:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF809BC6-93A5-4B1D-BC3C-2A41F32D4A92"}, {"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:3rd:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EED9047B-5AA5-49C1-B8D1-690D505082D7"}, {"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:4th:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45096D29-930F-4FE0-A23F-8C57BF62567A"}, {"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:5th:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC6393A1-F3A2-4D73-A845-03C9725B91A9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}