Directory Traversal Vulnerability in CiscoWorks Common Services for Windows
CVE-2009-1161

Currently unrated

Key Information:

Vendor: Cisco
Status: Ciscoworks Common Services; Ciscoworks Health And Utilization Monitor; Ciscoworks Lan Management Solution; Ciscoworks Qos Policy Manager
Vendor: CVE Published:; 21 May 2009

Summary

A directory traversal vulnerability exists in the TFTP service of CiscoWorks Common Services for Windows, versions 3.0.x through 3.2.x. This flaw allows remote attackers to exploit the TFTP service, enabling them to access arbitrary files on the system through unspecified vectors. Products utilizing CiscoWorks Common Services, such as Cisco Unified Service Monitor, Security Manager, and several other applications, are particularly at risk, as they could inadvertently allow unauthorized file exposure. Proper security measures must be implemented to mitigate this vulnerability.

References

http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html

third-party-advisoryx_refsource_JVNDB

http://www.cisco.com/en/US/products/products_security_adv...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/35040

vdb-entryx_refsource_BID

Timeline

Vulnerability published
May 21, 2009
Vulnerability Reserved
Mar 26, 2009