Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2010-3036

Vulnerability from fkie_nvd - Published: 2010-10-29 19:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.

References

URL	Tags
psirt@cisco.com	http://osvdb.org/68927
psirt@cisco.com	http://secunia.com/advisories/42011	Vendor Advisory
psirt@cisco.com	http://securitytracker.com/id?1024646
psirt@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml	Patch, Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/44468	Patch
psirt@cisco.com	http://www.vupen.com/english/advisories/2010/2793	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/68927
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42011	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1024646
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/44468	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2793	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ciscoworks_common_services	3.0.5
cisco	ciscoworks_common_services	3.0.6
cisco	ciscoworks_common_services	3.1
cisco	ciscoworks_common_services	3.1.1
cisco	ciscoworks_common_services	3.2
cisco	ciscoworks_common_services	3.3
cisco	ciscoworks_lan_management_solution	2.6
cisco	ciscoworks_lan_management_solution	3.0
cisco	ciscoworks_lan_management_solution	3.0
cisco	ciscoworks_lan_management_solution	3.1
cisco	ciscoworks_lan_management_solution	3.2
cisco	qos_policy_manager	4.0
cisco	qos_policy_manager	4.0.1
cisco	qos_policy_manager	4.0.2
cisco	security_manager	3.0.2
cisco	security_manager	3.2
cisco	telepresence_readiness_assessment_manager	1.0
cisco	unified_operations_manager	2.0.1
cisco	unified_operations_manager	2.0.2
cisco	unified_operations_manager	2.0.3
cisco	unified_service_monitor	2.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD3EC2-36B1-4E34-BD7F-B1D02B32178A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC9C408-0BE2-45A6-ACB3-B9EBB22BC773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "499CD64C-8692-4BE7-8F5E-5964ACDA1972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2152A29-7074-4659-AA8A-BB3E793ED4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "518309CD-F453-4B0B-8C1D-E534CE0E336B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "22DE1462-59AC-40BE-89DF-AB43CA3EC7BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:2.6:update:*:*:*:*:*:*",
              "matchCriteriaId": "3D8B4ED2-15B4-4FE1-A159-D6435B5DCA5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6CF9518-2D68-4E95-862B-54B622622B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:december_2007:*:*:*:*:*:*",
              "matchCriteriaId": "D81D6312-9A3E-483D-BBFC-C7688B3872A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C446E75-5404-4875-AD94-DF953A7874FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8493C0-A3FF-473A-BFD5-DB6051AE8DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:qos_policy_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEE8595-B861-4DAB-9708-B2DA30C36C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:qos_policy_manager:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96C5C060-E09E-4F28-9B87-0417DBFB9368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:qos_policy_manager:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83FCE4EC-B432-4768-BF3A-F1A29BD6B4B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F831EEB-A499-4C76-A085-52F3D750E0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4686AD6B-CAB3-4CE5-9B13-D30613C614CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_readiness_assessment_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "668AEB8D-4923-4EAE-A67A-979D7B816108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2DF29A-4E30-442C-BB14-F22D955B112A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CA03A21-13EF-476E-892B-D0A494779594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "107A78CC-8943-4D33-BE60-CBFC72FE405D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA713155-3826-401C-88E6-5D556513877A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
    },
    {
      "lang": "es",
      "value": "Multiples desbordamientos de b\u00fafer en la funci\u00f3n de autenticaci\u00f3n en el m\u00f3dulo web-server de Cisco CiscoWorks Common Services anterior a v4.0 permite a los atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de sesiones TCP en el puerto (1) 443 o (2) 1741, tambi\u00e9n conocido como \"Bug ID CSCti41352\"."
    }
  ],
  "id": "CVE-2010-3036",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-10-29T19:00:02.013",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://osvdb.org/68927"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42011"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://securitytracker.com/id?1024646"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/44468"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/68927"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1024646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/44468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2793"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-1161

Vulnerability from fkie_nvd - Published: 2009-05-21 14:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

References

URL	Tags
psirt@cisco.com	http://jvn.jp/en/jp/JVN62527913/index.html
psirt@cisco.com	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html
psirt@cisco.com	http://osvdb.org/54616
psirt@cisco.com	http://secunia.com/advisories/35179
psirt@cisco.com	http://securitytracker.com/id?1022263
psirt@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml	Patch, Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/35040
psirt@cisco.com	http://www.vupen.com/english/advisories/2009/1390
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN62527913/index.html
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/54616
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35179
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1022263
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35040
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1390

Impacted products

Vendor	Product	Version
cisco	ciscoworks_common_services	3.0.3
cisco	ciscoworks_common_services	3.0.4
cisco	ciscoworks_common_services	3.0.5
cisco	ciscoworks_common_services	3.0.6
cisco	ciscoworks_common_services	3.1
cisco	ciscoworks_common_services	3.1.1
cisco	ciscoworks_common_services	3.2
cisco	ciscoworks_health_and_utilization_monitor	1.0
cisco	ciscoworks_health_and_utilization_monitor	1.1
cisco	ciscoworks_lan_management_solution	2.5
cisco	ciscoworks_lan_management_solution	2.6
cisco	ciscoworks_lan_management_solution	3.0
cisco	ciscoworks_lan_management_solution	3.1
cisco	ciscoworks_qos_policy_manager	4.0
cisco	ciscoworks_qos_policy_manager	4.1
cisco	ciscoworks_voice_manager	3.0
cisco	ciscoworks_voice_manager	3.1
cisco	security_manager	3.0
cisco	security_manager	3.1
cisco	security_manager	3.2
cisco	telepresence_readiness_assessment_manager	1.0
cisco	unified_operations_manager	1.0
cisco	unified_operations_manager	1.1
cisco	unified_operations_manager	2.0
cisco	unified_operations_manager	2.1
cisco	unified_provisioning_manager	1.0
cisco	unified_provisioning_manager	1.1
cisco	unified_provisioning_manager	1.2
cisco	unified_provisioning_manager	1.3
cisco	unified_service_monitor	1.0
cisco	unified_service_monitor	1.1
cisco	unified_service_monitor	2.0
cisco	unified_service_monitor	2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.3:*:windows:*:*:*:*:*",
              "matchCriteriaId": "EFFC3AE9-1B61-44F8-938B-6363EDB2DD5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.4:*:windows:*:*:*:*:*",
              "matchCriteriaId": "1BB12692-8BCD-4601-83AE-12F1AFD1EF03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.5:*:windows:*:*:*:*:*",
              "matchCriteriaId": "1017A34C-A119-41D4-AE10-1E35FAFF0547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.6:*:windows:*:*:*:*:*",
              "matchCriteriaId": "5399066A-658B-4494-A291-DB20E0CE7687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "BD8374C6-D8A3-43CB-A9F7-8A71CD69BE9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "DC455CA4-A1F7-4614-9A6F-ABCB0C9026E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "F5941482-DB47-49E8-90BA-650073C3A233",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_health_and_utilization_monitor:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC556B9-7073-41E3-8099-00B796F8B68B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_health_and_utilization_monitor:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "87814504-DC6B-41CA-873E-F46B2F71A3FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB783DD2-C6B7-406B-9DC4-E1BC832D025C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "57CBDA0C-EE71-459C-AFA1-9879C6727287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6CF9518-2D68-4E95-862B-54B622622B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C446E75-5404-4875-AD94-DF953A7874FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_qos_policy_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30B25F2-2DEB-4254-88DB-FA31AB6CA04D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_qos_policy_manager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F77163A8-3F2F-473F-B776-A155D94011DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_voice_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1F143B9-20B4-4140-805F-5F709290D6E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ciscoworks_voice_manager:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "562CA8A8-C17E-4985-8EA0-E2CB61355FEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BE4D6E7-9884-4C7B-BD40-F8C08E78E93A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "921F93B3-84A8-471B-9A3A-780C76BA3685",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:security_manager:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4686AD6B-CAB3-4CE5-9B13-D30613C614CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_readiness_assessment_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "668AEB8D-4923-4EAE-A67A-979D7B816108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC421340-135D-45AD-8E59-F1B62805ABEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5510F4F-93C9-4722-97F5-37A05B48C23D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73FD728-7A22-4248-B4DA-62AB2704A411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "930EA844-7016-4EC3-833D-70D1B1DE6DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C453852A-D639-4872-B8FE-AE7E2BC019A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4D4CAE-582C-47F5-A3D5-CC1D3BE00308",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0337CC9-B682-4135-B5C8-745B41474EBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "14FC0DD7-81A3-4294-ACA5-0F8B05E7CC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A5A8958-B3DE-443B-921F-3AE25FFBF615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2F5BDC-A768-4A07-92A2-1C9DF484C3A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6041F558-D641-4067-BBC8-EC23D0A1ED18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56101F5A-4099-4027-859D-07CFE598F1B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en el servicio TFTP en Cisco CiscoWorks Common Services (CWCS) v3.0.x hasta v3.2.x en Windows, tambi\u00e9n utilizado en Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager y otros productos, lo que permite atacantes remotos acceder a ficheros arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2009-1161",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-05-21T14:30:00.390",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://osvdb.org/54616"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/35179"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://securitytracker.com/id?1022263"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/35040"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.vupen.com/english/advisories/2009/1390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1022263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1390"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-3036 (GCVE-0-2010-3036)

Vulnerability from cvelistv5 – Published: 2010-10-29 18:00 – Updated: 2024-08-07 02:55

Summary

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

cisco

References

URL

Tags

	http://osvdb.org/68927	vdb-entryx_refsource_OSVDB
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://securitytracker.com/id?1024646	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/44468	vdb-entryx_refsource_BID
	http://secunia.com/advisories/42011	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/2793	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "68927",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/68927"
          },
          {
            "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
          },
          {
            "name": "1024646",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024646"
          },
          {
            "name": "44468",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44468"
          },
          {
            "name": "42011",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42011"
          },
          {
            "name": "ADV-2010-2793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2793"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-11-06T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "68927",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/68927"
        },
        {
          "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
        },
        {
          "name": "1024646",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024646"
        },
        {
          "name": "44468",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44468"
        },
        {
          "name": "42011",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42011"
        },
        {
          "name": "ADV-2010-2793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2793"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2010-3036",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "68927",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/68927"
            },
            {
              "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
            },
            {
              "name": "1024646",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1024646"
            },
            {
              "name": "44468",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44468"
            },
            {
              "name": "42011",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42011"
            },
            {
              "name": "ADV-2010-2793",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2793"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2010-3036",
    "datePublished": "2010-10-29T18:00:00",
    "dateReserved": "2010-08-17T00:00:00",
    "dateUpdated": "2024-08-07T02:55:46.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-1161 (GCVE-0-2009-1161)

Vulnerability from cvelistv5 – Published: 2009-05-21 14:00 – Updated: 2024-08-07 05:04

Summary

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

cisco

References

URL

Tags

	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-0…	third-party-advisoryx_refsource_JVNDB
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/35040	vdb-entryx_refsource_BID
	http://jvn.jp/en/jp/JVN62527913/index.html	third-party-advisoryx_refsource_JVN
	http://osvdb.org/54616	vdb-entryx_refsource_OSVDB
	http://securitytracker.com/id?1022263	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2009/1390	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/35179	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:48.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2009-000032",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
          },
          {
            "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
          },
          {
            "name": "35040",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35040"
          },
          {
            "name": "JVN#62527913",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
          },
          {
            "name": "54616",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54616"
          },
          {
            "name": "1022263",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022263"
          },
          {
            "name": "ADV-2009-1390",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1390"
          },
          {
            "name": "35179",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35179"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-06-04T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "JVNDB-2009-000032",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
        },
        {
          "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
        },
        {
          "name": "35040",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35040"
        },
        {
          "name": "JVN#62527913",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
        },
        {
          "name": "54616",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54616"
        },
        {
          "name": "1022263",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022263"
        },
        {
          "name": "ADV-2009-1390",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1390"
        },
        {
          "name": "35179",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35179"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2009-1161",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2009-000032",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
            },
            {
              "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
            },
            {
              "name": "35040",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35040"
            },
            {
              "name": "JVN#62527913",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
            },
            {
              "name": "54616",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54616"
            },
            {
              "name": "1022263",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022263"
            },
            {
              "name": "ADV-2009-1390",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1390"
            },
            {
              "name": "35179",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35179"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2009-1161",
    "datePublished": "2009-05-21T14:00:00",
    "dateReserved": "2009-03-26T00:00:00",
    "dateUpdated": "2024-08-07T05:04:48.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-3036 (GCVE-0-2010-3036)

Vulnerability from nvd – Published: 2010-10-29 18:00 – Updated: 2024-08-07 02:55

Summary

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

cisco

References

URL

Tags

	http://osvdb.org/68927	vdb-entryx_refsource_OSVDB
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://securitytracker.com/id?1024646	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/44468	vdb-entryx_refsource_BID
	http://secunia.com/advisories/42011	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/2793	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "68927",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/68927"
          },
          {
            "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
          },
          {
            "name": "1024646",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024646"
          },
          {
            "name": "44468",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44468"
          },
          {
            "name": "42011",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42011"
          },
          {
            "name": "ADV-2010-2793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2793"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-11-06T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "68927",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/68927"
        },
        {
          "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
        },
        {
          "name": "1024646",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024646"
        },
        {
          "name": "44468",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44468"
        },
        {
          "name": "42011",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42011"
        },
        {
          "name": "ADV-2010-2793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2793"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2010-3036",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "68927",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/68927"
            },
            {
              "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
            },
            {
              "name": "1024646",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1024646"
            },
            {
              "name": "44468",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44468"
            },
            {
              "name": "42011",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42011"
            },
            {
              "name": "ADV-2010-2793",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2793"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2010-3036",
    "datePublished": "2010-10-29T18:00:00",
    "dateReserved": "2010-08-17T00:00:00",
    "dateUpdated": "2024-08-07T02:55:46.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-1161 (GCVE-0-2009-1161)

Vulnerability from nvd – Published: 2009-05-21 14:00 – Updated: 2024-08-07 05:04

Summary

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

cisco

References

URL

Tags

	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-0…	third-party-advisoryx_refsource_JVNDB
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/35040	vdb-entryx_refsource_BID
	http://jvn.jp/en/jp/JVN62527913/index.html	third-party-advisoryx_refsource_JVN
	http://osvdb.org/54616	vdb-entryx_refsource_OSVDB
	http://securitytracker.com/id?1022263	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2009/1390	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/35179	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:48.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2009-000032",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
          },
          {
            "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
          },
          {
            "name": "35040",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35040"
          },
          {
            "name": "JVN#62527913",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
          },
          {
            "name": "54616",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/54616"
          },
          {
            "name": "1022263",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1022263"
          },
          {
            "name": "ADV-2009-1390",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1390"
          },
          {
            "name": "35179",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35179"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-06-04T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "JVNDB-2009-000032",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
        },
        {
          "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
        },
        {
          "name": "35040",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35040"
        },
        {
          "name": "JVN#62527913",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
        },
        {
          "name": "54616",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/54616"
        },
        {
          "name": "1022263",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1022263"
        },
        {
          "name": "ADV-2009-1390",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1390"
        },
        {
          "name": "35179",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35179"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2009-1161",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2009-000032",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
            },
            {
              "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
            },
            {
              "name": "35040",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35040"
            },
            {
              "name": "JVN#62527913",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
            },
            {
              "name": "54616",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/54616"
            },
            {
              "name": "1022263",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1022263"
            },
            {
              "name": "ADV-2009-1390",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1390"
            },
            {
              "name": "35179",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35179"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2009-1161",
    "datePublished": "2009-05-21T14:00:00",
    "dateReserved": "2009-03-26T00:00:00",
    "dateUpdated": "2024-08-07T05:04:48.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

6 vulnerabilities found for telepresence_readiness_assessment_manager by cisco

FKIE_CVE-2010-3036

FKIE_CVE-2009-1161

CVE-2010-3036 (GCVE-0-2010-3036)

CVE-2009-1161 (GCVE-0-2009-1161)

CVE-2010-3036 (GCVE-0-2010-3036)

CVE-2009-1161 (GCVE-0-2009-1161)