CVE-2003-0731

Published Oct 20, 2003

Last updated 16 years ago

Overview

Description: CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:resource_manager:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CD172F3-4964-410A-A7E9-5659DE662734"
          },
          {
            "criteria": "cpe:2.3:a:cisco:resource_manager:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8305C239-6496-4CF9-9515-FDE7478877E7"
          },
          {
            "criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2C398A1-1539-4D21-A486-DDE591546949"
          },
          {
            "criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D70C0ACD-9782-468D-B283-6AA5DBEBAA8C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "006C6865-45CE-4150-9FD6-C31138DBF1DC"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "716ABF75-32B2-4E9A-A612-BA06C5C2E17D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:1st:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "419D225D-28FD-4D76-ACBF-45EA35B9973E"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:2nd:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF809BC6-93A5-4B1D-BC3C-2A41F32D4A92"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:3rd:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EED9047B-5AA5-49C1-B8D1-690D505082D7"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:4th:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45096D29-930F-4FE0-A23F-8C57BF62567A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:5th:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC6393A1-F3A2-4D73-A845-03C9725B91A9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References