Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2003-0732

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.

Published

2003-10-20T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	resource_manager	1.0	Yes
Application	cisco	resource_manager	1.1	Yes
Application	cisco	resource_manager_essentials	2.0	Yes
Application	cisco	resource_manager_essentials	2.1	Yes
Application	cisco	resource_manager_essentials	2.2	Yes
Application	cisco	ciscoworks_common_management_foundation	2.0	Yes
Application	cisco	ciscoworks_common_management_foundation	2.1	Yes
Operating System	cisco	ciscoworks_cd1	1st	Yes
Operating System	cisco	ciscoworks_cd1	2nd	Yes
Operating System	cisco	ciscoworks_cd1	3rd	Yes
Operating System	cisco	ciscoworks_cd1	4th	Yes
Operating System	cisco	ciscoworks_cd1	5th	Yes

References

http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/333028 Exploit, Vendor Advisory ([email protected])
http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/333028 Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)