All the vulnerabilites related to cisco - resource_manager_essentials
cve-2003-0732
Vulnerability from cvelistv5
Published
2003-09-04 04:00
Modified
2024-09-17 01:00
Severity ?
EPSS score ?
Summary
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/333028 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/333028"
},
{
"name": "20030813 CiscoWorks Application Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the \"guest\" user to the Admin user on the Modify or delete users pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-09-04T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/333028"
},
{
"name": "20030813 CiscoWorks Application Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the \"guest\" user to the Admin user on the Modify or delete users pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/333028"
},
{
"name": "20030813 CiscoWorks Application Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0732",
"datePublished": "2003-09-04T04:00:00Z",
"dateReserved": "2003-09-03T00:00:00Z",
"dateUpdated": "2024-09-17T01:00:40.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0731
Vulnerability from cvelistv5
Published
2003-09-04 04:00
Modified
2024-09-16 23:11
Severity ?
EPSS score ?
Summary
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/333028 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/333028"
},
{
"name": "20030813 CiscoWorks Application Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the \"cmd\" parameter with a modifyUser value and a modified \"priviledges\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-09-04T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/333028"
},
{
"name": "20030813 CiscoWorks Application Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the \"cmd\" parameter with a modifyUser value and a modified \"priviledges\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/333028"
},
{
"name": "20030813 CiscoWorks Application Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0731",
"datePublished": "2003-09-04T04:00:00Z",
"dateReserved": "2003-09-03T00:00:00Z",
"dateUpdated": "2024-09-16T23:11:05.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2003-10-20 04:00
Modified
2024-11-20 23:45
Severity ?
Summary
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/333028 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/333028 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | resource_manager | 1.0 | |
| cisco | resource_manager | 1.1 | |
| cisco | resource_manager_essentials | 2.0 | |
| cisco | resource_manager_essentials | 2.1 | |
| cisco | resource_manager_essentials | 2.2 | |
| cisco | ciscoworks_common_management_foundation | 2.0 | |
| cisco | ciscoworks_common_management_foundation | 2.1 | |
| cisco | ciscoworks_cd1 | 1st | |
| cisco | ciscoworks_cd1 | 2nd | |
| cisco | ciscoworks_cd1 | 3rd | |
| cisco | ciscoworks_cd1 | 4th | |
| cisco | ciscoworks_cd1 | 5th |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:resource_manager:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD172F3-4964-410A-A7E9-5659DE662734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:resource_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8305C239-6496-4CF9-9515-FDE7478877E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C398A1-1539-4D21-A486-DDE591546949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D70C0ACD-9782-468D-B283-6AA5DBEBAA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "006C6865-45CE-4150-9FD6-C31138DBF1DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "716ABF75-32B2-4E9A-A612-BA06C5C2E17D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:1st:*:*:*:*:*:*:*",
"matchCriteriaId": "419D225D-28FD-4D76-ACBF-45EA35B9973E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:2nd:*:*:*:*:*:*:*",
"matchCriteriaId": "AF809BC6-93A5-4B1D-BC3C-2A41F32D4A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:3rd:*:*:*:*:*:*:*",
"matchCriteriaId": "EED9047B-5AA5-49C1-B8D1-690D505082D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:4th:*:*:*:*:*:*:*",
"matchCriteriaId": "45096D29-930F-4FE0-A23F-8C57BF62567A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:5th:*:*:*:*:*:*:*",
"matchCriteriaId": "AC6393A1-F3A2-4D73-A845-03C9725B91A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the \"cmd\" parameter with a modifyUser value and a modified \"priviledges\" parameter."
}
],
"id": "CVE-2003-0731",
"lastModified": "2024-11-20T23:45:23.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-10-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/333028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/333028"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-10-20 04:00
Modified
2024-11-20 23:45
Severity ?
Summary
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/333028 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/333028 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | resource_manager | 1.0 | |
| cisco | resource_manager | 1.1 | |
| cisco | resource_manager_essentials | 2.0 | |
| cisco | resource_manager_essentials | 2.1 | |
| cisco | resource_manager_essentials | 2.2 | |
| cisco | ciscoworks_common_management_foundation | 2.0 | |
| cisco | ciscoworks_common_management_foundation | 2.1 | |
| cisco | ciscoworks_cd1 | 1st | |
| cisco | ciscoworks_cd1 | 2nd | |
| cisco | ciscoworks_cd1 | 3rd | |
| cisco | ciscoworks_cd1 | 4th | |
| cisco | ciscoworks_cd1 | 5th |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:resource_manager:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD172F3-4964-410A-A7E9-5659DE662734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:resource_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8305C239-6496-4CF9-9515-FDE7478877E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C398A1-1539-4D21-A486-DDE591546949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D70C0ACD-9782-468D-B283-6AA5DBEBAA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "006C6865-45CE-4150-9FD6-C31138DBF1DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "716ABF75-32B2-4E9A-A612-BA06C5C2E17D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:1st:*:*:*:*:*:*:*",
"matchCriteriaId": "419D225D-28FD-4D76-ACBF-45EA35B9973E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:2nd:*:*:*:*:*:*:*",
"matchCriteriaId": "AF809BC6-93A5-4B1D-BC3C-2A41F32D4A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:3rd:*:*:*:*:*:*:*",
"matchCriteriaId": "EED9047B-5AA5-49C1-B8D1-690D505082D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:4th:*:*:*:*:*:*:*",
"matchCriteriaId": "45096D29-930F-4FE0-A23F-8C57BF62567A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:5th:*:*:*:*:*:*:*",
"matchCriteriaId": "AC6393A1-F3A2-4D73-A845-03C9725B91A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the \"guest\" user to the Admin user on the Modify or delete users pages."
}
],
"id": "CVE-2003-0732",
"lastModified": "2024-11-20T23:45:23.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-10-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/333028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/333028"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}