CVE-2009-1161

EPSS 1.62%
Published 21.05.2009 14:30:00
Last modified 09.04.2025 00:30:58
Source psirt@cisco.com
Teams watchlist Login
Open Login

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ciscoworks Common Services Version3.0.3 Editionwindows

Cisco ≫ Ciscoworks Common Services Version3.0.4 Editionwindows

Cisco ≫ Ciscoworks Common Services Version3.0.5 Editionwindows

Cisco ≫ Ciscoworks Common Services Version3.0.6 Editionwindows

Cisco ≫ Ciscoworks Common Services Version3.1 Editionwindows

Cisco ≫ Ciscoworks Common Services Version3.1.1 Editionwindows

Cisco ≫ Ciscoworks Common Services Version3.2 Editionwindows

Cisco ≫ Ciscoworks Health And Utilization Monitor Version1.0

Cisco ≫ Ciscoworks Health And Utilization Monitor Version1.1

Cisco ≫ Ciscoworks Lan Management Solution Version2.5

Cisco ≫ Ciscoworks Lan Management Solution Version2.6

Cisco ≫ Ciscoworks Lan Management Solution Version3.0

Cisco ≫ Ciscoworks Lan Management Solution Version3.1

Cisco ≫ Ciscoworks Qos Policy Manager Version4.0

Cisco ≫ Ciscoworks Qos Policy Manager Version4.1

Cisco ≫ Ciscoworks Voice Manager Version3.0

Cisco ≫ Ciscoworks Voice Manager Version3.1

Cisco ≫ Security Manager Version3.0

Cisco ≫ Security Manager Version3.1

Cisco ≫ Security Manager Version3.2

Cisco ≫ Telepresence Readiness Assessment Manager Version1.0

Cisco ≫ Unified Operations Manager Version1.0

Cisco ≫ Unified Operations Manager Version1.1

Cisco ≫ Unified Operations Manager Version2.0

Cisco ≫ Unified Operations Manager Version2.1

Cisco ≫ Unified Provisioning Manager Version1.0

Cisco ≫ Unified Provisioning Manager Version1.1

Cisco ≫ Unified Provisioning Manager Version1.2

Cisco ≫ Unified Provisioning Manager Version1.3

Cisco ≫ Unified Service Monitor Version1.0

Cisco ≫ Unified Service Monitor Version1.1

Cisco ≫ Unified Service Monitor Version2.0

Cisco ≫ Unified Service Monitor Version2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.62%	0.801

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://jvn.jp/en/jp/JVN62527913/index.html

http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html

http://osvdb.org/54616

http://secunia.com/advisories/35179

http://securitytracker.com/id?1022263

http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml

Patch

Vendor Advisory

http://www.securityfocus.com/bid/35040

http://www.vupen.com/english/advisories/2009/1390

https://nvd.nist.gov/vuln/detail/CVE-2009-1161

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1161

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1161

EUVD