Title: CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability
Severity: CRITICAL
Description:
CiscoWorks Common Services is a component of the CiscoWorks network management product.
The Trivial File Transfer Protocol (TFTP) server included with CiscoWorks Common Services is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input in TFTP requests.
A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to upload and download arbitrary files outside of the TFTP server root directory. This may result in a denial-of-service condition or lead to a complete compromise of the affected computer.
This issue is tracked by Cisco Bug ID CSCsx07107.
CiscoWorks Common Services 3.0.x, 3.1.x, and 3.2.x running on Microsoft Windows are vulnerable.
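The traversal described above is visible in the filename field of a TFTP read or write request, so it can be checked for in captured traffic or in front of a TFTP service. The following is an added example, not code from Cisco or from this advisory: it parses RFC 1350 RRQ/WRQ datagrams and flags filenames that would resolve outside the server root on Windows. The function names, sample datagrams, file names and source addresses are constructed for illustration.

```python
import ntpath
import struct

OPCODES = {1: "RRQ", 2: "WRQ"}  # RFC 1350 read and write requests

def parse_request(packet):
    """Return (op, filename, mode) for an RRQ/WRQ datagram, else None."""
    if len(packet) < 4:
        return None
    (opcode,) = struct.unpack("!H", packet[:2])
    fields = packet[2:].split(b"\x00")  # filename NUL mode NUL [options]
    if opcode not in OPCODES or len(fields) < 3 or not fields[0]:
        return None
    return OPCODES[opcode], fields[0].decode("latin-1"), fields[1].decode("latin-1").lower()

def escapes_root(filename):
    """True if the name could resolve outside the TFTP root on Windows."""
    drive, rest = ntpath.splitdrive(filename.replace("/", "\\"))
    if drive or rest.startswith("\\"):
        return True  # drive letter, UNC share or rooted path
    depth = 0
    for part in rest.split("\\"):
        if part in ("", "."):
            continue
        depth += -1 if part == ".." else 1
        if depth < 0:
            return True  # climbed above the root directory
    return False

def review(packets):
    """Return (source, op, filename) for each request that leaves the root."""
    alerts = []
    for src, pkt in packets:
        req = parse_request(pkt)
        if req and escapes_root(req[1]):
            alerts.append((src, req[0], req[1]))
    return alerts

def make_request(opcode, name, mode="octet"):  # builds a constructed sample
    return struct.pack("!H", opcode) + name.encode() + b"\x00" + mode.encode() + b"\x00"

SAMPLES = [  # constructed datagrams; sources are RFC 5737 documentation addresses
    ("192.0.2.10", make_request(1, "router1-confg")),
    ("192.0.2.11", make_request(1, "../../../example.txt")),
    ("192.0.2.12", make_request(2, "..\\..\\upload.txt")),
    ("192.0.2.13", make_request(1, "backup/../router1-confg")),
    ("192.0.2.14", make_request(2, "C:\\temp\\x.cfg")),
    ("192.0.2.15", struct.pack("!HH", 4, 1)),  # ACK, not a request
]
print(review(SAMPLES))
```

Both separators are normalized because the affected servers run on Windows, where '/' and '\' are equivalent in paths; a request such as `backup/../router1-confg` that stays inside the root is not flagged.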
Affected Products:
- Cisco Security Manager (CSM) 3.0
- Cisco Security Manager (CSM) 3.0.1
- Cisco Security Manager (CSM) 3.0.2
- Cisco Security Manager (CSM) 3.1
- Cisco Security Manager (CSM) 3.1.1
- Cisco Security Manager (CSM) 3.2
- Cisco Security Manager (CSM) 3.2.2
- Cisco Unified Operations Manager (CUOM) 1.0
- Cisco Unified Operations Manager (CUOM) 1.1
- Cisco Unified Operations Manager (CUOM) 2.0
- Cisco Unified Operations Manager (CUOM) 2.0.1
- Cisco Unified Operations Manager (CUOM) 2.0.2
- Cisco Unified Operations Manager (CUOM) 2.0.3
- Cisco Unified Operations Manager (CUOM) 2.1
- Cisco Unified Provisioning Manager 1.0
- Cisco Unified Provisioning Manager 1.1
- Cisco Unified Provisioning Manager 1.2
- Cisco Unified Provisioning Manager 1.3
- Cisco Unified Service Monitor 1.0
- Cisco Unified Service Monitor 1.1
- Cisco Unified Service Monitor 2.0
- Cisco Unified Service Monitor 2.1
- Cisco CiscoWorks Common Service 3.0
- Cisco CiscoWorks Common Services 2.2.0
- Cisco CiscoWorks Common Services 3.0
- Cisco CiscoWorks Common Services 3.0.3
- Cisco CiscoWorks Common Services 3.0.4
- Cisco CiscoWorks Common Services 3.0.5
- Cisco CiscoWorks Common Services 3.0.6
- Cisco CiscoWorks Common Services 3.1
- Cisco CiscoWorks Common Services 3.1.1
- Cisco CiscoWorks Common Services 3.2
- Cisco CiscoWorks Health and Utilization Monitor 1.0
- Cisco CiscoWorks Health and Utilization Monitor 1.1
- Cisco CiscoWorks LMS 3.0
- Cisco CiscoWorks Lan Management Solution 2.5
- Cisco CiscoWorks Lan Management Solution 2.6
- Cisco CiscoWorks Lan Management Solution 3.0
- Cisco CiscoWorks QoS Policy Manager 4.0
- Cisco CiscoWorks QoS Policy Manager 4.1
- Cisco CiscoWorks Voice Manager 3.0
- Cisco CiscoWorks Voice Manager 3.1
- Cisco TelePresence Readiness Assessment Manager (CTRAM) 1.0
References:
- Cisco: Cisco Homepage
- Cisco: Cisco Security Advisory: CiscoWorks TFTP Directory Traversal Vulnerability