Privilege Escalation Vulnerability in CiscoWorks Common Management Foundation
CVE-2003-0731

Currently unrated

Key Information:

Vendor: Cisco
CVE Published: 20 October 2003

Summary

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier versions are susceptible to a privilege escalation vulnerability that lets a guest user obtain administrative rights. The issue is triggered by a specific POST request to the CsAuthServlet, in which the 'cmd' parameter is used to execute 'modifyUser' operations and is accompanied by tampered 'privileges' parameters. This could allow users without suitable permissions to take unauthorized actions, potentially compromising the security of systems that use this product.
