CERTA-2002-AVI-111

Vulnerability from certfr_avis - Published: - Updated:

Un individu mal intentionné peut obtenir un accès en lecture sur les fichiers de la sonde.

Description

Une vulnérabilité a été découverte dans le serveur web utilisé par CISCO IDS Device Manager 3.1.1 pour la gestion des sondes IDS de CISCO. En utilisant une URL malicieusement formée, un individu mal intentionné peut obtenir l'accès en lecture à certains fichiers situés sur la sonde.

Solution

Contacter CISCO afin d'obtenir le correctif.

CISCO IDS Device Manager 3.1.1.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCISCO IDS Device Manager 3.1.1.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le serveur web utilis\u00e9 par CISCO\nIDS Device Manager 3.1.1 pour la gestion des sondes IDS de CISCO. En\nutilisant une URL malicieusement form\u00e9e, un individu mal intentionn\u00e9\npeut obtenir l\u0027acc\u00e8s en lecture \u00e0 certains fichiers situ\u00e9s sur la sonde.\n\n## Solution\n\nContacter CISCO afin d\u0027obtenir le correctif.\n",
  "cves": [],
  "links": [],
  "reference": "CERTA-2002-AVI-111",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Acc\u00e8s \u00e0 des donn\u00e9es non autoris\u00e9es"
    }
  ],
  "summary": "Un individu mal intentionn\u00e9 peut obtenir un acc\u00e8s en lecture sur les\nfichiers de la sonde.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans CISCO IDS Device Manager 3.1.1",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SecurityTracker",
      "url": "http://www.securitytracker.com/alerts/2002/May/1004370.html"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.