Privilege Escalation in CiscoWorks Common Management Foundation by Guest User Manipulation
CVE-2003-0732

Currently unrated

Key Information:

Vendor: Cisco
Status: Resource Manager Essentials; Resource Manager
Vendor: CVE Published:; 20 October 2003

Summary

The CiscoWorks Common Management Foundation (CMF) versions 2.1 and earlier are susceptible to a vulnerability that allows a guest user to exploit user management functions. By manipulating the 'guest' account to gain admin privileges through the Modify or Delete Users pages, unauthorized users may access restricted information and potentially take control of the system. This critical flaw emphasizes the need for robust user access controls and prompt updates to secure sensitive management interfaces.

References

http://www.securityfocus.com/archive/1/333028

mailing-listx_refsource_BUGTRAQ

http://www.cisco.com/warp/public/707/cisco-sa-20030813-cm...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 20, 2003