Vulnerabilities > CVE-2003-0731 - Remote Security vulnerability in Resource Manager

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

cisco

critical

NVD

Published: 2003-10-20

Updated: 2008-09-10

Summary

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Resource Manager 1.0 Cisco Resource Manager 1.1 Cisco Resource Manager Essentials 2.0 Cisco Resource Manager Essentials 2.1 Cisco Resource Manager Essentials 2.2 Cisco Ciscoworks Common Management Foundation 2.0 Cisco Ciscoworks Common Management Foundation 2.1	7
OS	Cisco Cisco Ciscoworks CD1 1St Cisco Ciscoworks CD1 2Nd Cisco Ciscoworks CD1 3Rd Cisco Ciscoworks CD1 4Th Cisco Ciscoworks CD1 5Th	5

Summary

Vulnerable Configurations

References