CVE-2009-1161

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:cisco:ciscoworks_common_services:3.0.3:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_common_services:3.0.4:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_common_services:3.0.5:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_common_services:3.0.6:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_common_services:3.1:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_common_services:3.1.1:*:windows:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_common_services:3.2:*:windows:*:*:*:*:*
OR cpe:2.3:a:cisco:ciscoworks_health_and_utilization_monitor:1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_health_and_utilization_monitor:1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:2.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:2.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_qos_policy_manager:4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_qos_policy_manager:4.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_voice_manager:3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:ciscoworks_voice_manager:3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:security_manager:3.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:telepresence_readiness_assessment_manager:1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_operations_manager:1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_provisioning_manager:1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_provisioning_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_provisioning_manager:1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_provisioning_manager:1.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_service_monitor:1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_service_monitor:1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_service_monitor:2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_service_monitor:2.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:01

Type Values Removed Values Added
References () http://jvn.jp/en/jp/JVN62527913/index.html - () http://jvn.jp/en/jp/JVN62527913/index.html -
References () http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html - () http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html -
References () http://osvdb.org/54616 - () http://osvdb.org/54616 -
References () http://secunia.com/advisories/35179 - () http://secunia.com/advisories/35179 -
References () http://securitytracker.com/id?1022263 - () http://securitytracker.com/id?1022263 -
References () http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml - Patch, Vendor Advisory () http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/35040 - () http://www.securityfocus.com/bid/35040 -
References () http://www.vupen.com/english/advisories/2009/1390 - () http://www.vupen.com/english/advisories/2009/1390 -

Information

Published : 2009-05-21 14:30

Updated : 2024-11-21 01:01


NVD link : CVE-2009-1161

Mitre link : CVE-2009-1161

CVE.ORG link : CVE-2009-1161


JSON object : View

Products Affected

cisco

  • ciscoworks_common_services
  • ciscoworks_health_and_utilization_monitor
  • ciscoworks_voice_manager
  • telepresence_readiness_assessment_manager
  • unified_service_monitor
  • unified_provisioning_manager
  • unified_operations_manager
  • ciscoworks_lan_management_solution
  • security_manager
  • ciscoworks_qos_policy_manager
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')