Sign-up

ID

VAR-200310-0032


CVE

CVE-2003-0731


TITLE

CiscoWorks Common Management Foundation (CMF) Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200310-029

DESCRIPTION

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter. Vulnerabilities exist in CiscoWorks Common Management Foundation (CMF) 2.1 and earlier versions

Trust: 1.26

sources: NVD: CVE-2003-0731 // BID: 87786 // VULHUB: VHN-7556

AFFECTED PRODUCTS

vendor:ciscomodel:resource manager essentialsscope:eqversion:2.2

Trust: 1.9

vendor:ciscomodel:resource manager essentialsscope:eqversion:2.1

Trust: 1.9

vendor:ciscomodel:resource manager essentialsscope:eqversion:2.0

Trust: 1.9

vendor:ciscomodel:ciscoworks common management foundationscope:eqversion:2.1

Trust: 1.9

vendor:ciscomodel:ciscoworks common management foundationscope:eqversion:2.0

Trust: 1.9

vendor:ciscomodel:ciscoworks cd1scope:eqversion:3rd

Trust: 1.6

vendor:ciscomodel:ciscoworks cd1scope:eqversion:4th

Trust: 1.6

vendor:ciscomodel:ciscoworks cd1scope:eqversion:5th

Trust: 1.6

vendor:ciscomodel:ciscoworks cd1scope:eqversion:1st

Trust: 1.6

vendor:ciscomodel:ciscoworks cd1scope:eqversion:2nd

Trust: 1.6

vendor:ciscomodel:resource managerscope:eqversion:1.1

Trust: 1.3

vendor:ciscomodel:resource managerscope:eqversion:1.0

Trust: 1.3

vendor:ciscomodel:ciscoworks cd1 5thscope: - version: -

Trust: 0.3

vendor:ciscomodel:ciscoworks cd1 4thscope: - version: -

Trust: 0.3

vendor:ciscomodel:ciscoworks cd1 3rdscope: - version: -

Trust: 0.3

vendor:ciscomodel:ciscoworks cd1 2ndscope: - version: -

Trust: 0.3

vendor:ciscomodel:ciscoworks cd1 1stscope: - version: -

Trust: 0.3

sources: BID: 87786 // CNNVD: CNNVD-200310-029 // NVD: CVE-2003-0731

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0731
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200310-029
value: CRITICAL

Trust: 0.6

VULHUB: VHN-7556
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-0731
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7556
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7556 // CNNVD: CNNVD-200310-029 // NVD: CVE-2003-0731

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0731

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200310-029

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200310-029

EXTERNAL IDS

db:NVDid:CVE-2003-0731

Trust: 2.0

db:CNNVDid:CNNVD-200310-029

Trust: 0.7

db:BUGTRAQid:20030813 PORTCULLIS SECURITY ADVISORY: CISCOWORKS 2000 PRIVILEGE ESCALATION VULNERABILITIES

Trust: 0.6

db:CISCOid:20030813 CISCOWORKS APPLICATION VULNERABILITIES

Trust: 0.6

db:BIDid:87786

Trust: 0.4

db:VULHUBid:VHN-7556

Trust: 0.1

sources: VULHUB: VHN-7556 // BID: 87786 // CNNVD: CNNVD-200310-029 // NVD: CVE-2003-0731

REFERENCES

url:http://www.securityfocus.com/archive/1/333028

Trust: 2.0

url:http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml

Trust: 2.0

sources: VULHUB: VHN-7556 // BID: 87786 // CNNVD: CNNVD-200310-029 // NVD: CVE-2003-0731

CREDITS

Unknown

Trust: 0.3

sources: BID: 87786

SOURCES

db:VULHUBid:VHN-7556
db:BIDid:87786
db:CNNVDid:CNNVD-200310-029
db:NVDid:CVE-2003-0731

LAST UPDATE DATE

2024-08-14T14:23:07.218000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-7556date:2008-09-10T00:00:00
db:BIDid:87786date:2003-10-20T00:00:00
db:CNNVDid:CNNVD-200310-029date:2005-10-20T00:00:00
db:NVDid:CVE-2003-0731date:2008-09-10T19:20:19.413

SOURCES RELEASE DATE

db:VULHUBid:VHN-7556date:2003-10-20T00:00:00
db:BIDid:87786date:2003-10-20T00:00:00
db:CNNVDid:CNNVD-200310-029date:2003-10-20T00:00:00
db:NVDid:CVE-2003-0731date:2003-10-20T04:00:00