CVE-2011-0966

Currently unrated

Key Information:

Vendor: Cisco
Status: Ciscoworks Common Services
Vendor: CVE Published:; 20 May 2011

Summary

Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.

References

http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf

x_refsource_MISC

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

http://www.exploit-db.com/exploits/17304

exploitx_refsource_EXPLOIT-DB

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 20, 2011
Vulnerability Reserved
Feb 10, 2011