Directory Traversal Vulnerability in CiscoWorks Common Services
CVE-2011-0966

Currently unrated

Key Information:

Vendor: Cisco
Status: Ciscoworks Common Services
Vendor: CVE Published:; 20 May 2011

Summary

A directory traversal vulnerability exists in the Homepage Auditing component of CiscoWorks Common Services, which allows remote attackers to access sensitive files on the server. By manipulating the file parameter with a .. (dot dot), attackers can exploit this weakness to read arbitrary files, potentially exposing critical system information or user data.

References

http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf

x_refsource_MISC

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

http://www.exploit-db.com/exploits/17304

exploitx_refsource_EXPLOIT-DB

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 20, 2011
Vulnerability Reserved
Feb 10, 2011