Details of VAR-200310-0033

ID

VAR-200310-0033

CVE

CVE-2003-0732

TITLE

CiscoWorks Common Management Foundation (CMF) Boost privilege vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200310-064

DESCRIPTION

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages. Vulnerabilities exist in CiscoWorks Common Management Foundation (CMF) 2.1 and earlier versions

Trust: 1.26

sources: NVD: CVE-2003-0732 // BID: 87724 // VULHUB: VHN-7557

AFFECTED PRODUCTS

vendor:	cisco	model:	resource manager essentials	scope:	eq	version:	2.2	Trust: 1.9
vendor:	cisco	model:	resource manager essentials	scope:	eq	version:	2.1	Trust: 1.9
vendor:	cisco	model:	resource manager essentials	scope:	eq	version:	2.0	Trust: 1.9
vendor:	cisco	model:	ciscoworks common management foundation	scope:	eq	version:	2.1	Trust: 1.9
vendor:	cisco	model:	ciscoworks common management foundation	scope:	eq	version:	2.0	Trust: 1.9
vendor:	cisco	model:	ciscoworks cd1	scope:	eq	version:	3rd	Trust: 1.6
vendor:	cisco	model:	ciscoworks cd1	scope:	eq	version:	4th	Trust: 1.6
vendor:	cisco	model:	ciscoworks cd1	scope:	eq	version:	5th	Trust: 1.6
vendor:	cisco	model:	ciscoworks cd1	scope:	eq	version:	1st	Trust: 1.6
vendor:	cisco	model:	ciscoworks cd1	scope:	eq	version:	2nd	Trust: 1.6
vendor:	cisco	model:	resource manager	scope:	eq	version:	1.1	Trust: 1.3
vendor:	cisco	model:	resource manager	scope:	eq	version:	1.0	Trust: 1.3
vendor:	cisco	model:	ciscoworks cd1 5th	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ciscoworks cd1 4th	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ciscoworks cd1 3rd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ciscoworks cd1 2nd	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ciscoworks cd1 1st	scope:	-	version:	-	Trust: 0.3

sources: BID: 87724 // CNNVD: CNNVD-200310-064 // NVD: CVE-2003-0732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0732
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200310-064
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-7557
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-0732
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7557
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-7557 // CNNVD: CNNVD-200310-064 // NVD: CVE-2003-0732

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0732

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200310-064

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200310-064

EXTERNAL IDS

db:	NVD	id:	CVE-2003-0732	Trust: 2.0
db:	CNNVD	id:	CNNVD-200310-064	Trust: 0.7
db:	BUGTRAQ	id:	20030813 PORTCULLIS SECURITY ADVISORY: CISCOWORKS 2000 PRIVILEGE ESCALATION VULNERABILITIES	Trust: 0.6
db:	CISCO	id:	20030813 CISCOWORKS APPLICATION VULNERABILITIES	Trust: 0.6
db:	BID	id:	87724	Trust: 0.4
db:	VULHUB	id:	VHN-7557	Trust: 0.1

sources: VULHUB: VHN-7557 // BID: 87724 // CNNVD: CNNVD-200310-064 // NVD: CVE-2003-0732

REFERENCES

url:	http://www.securityfocus.com/archive/1/333028	Trust: 2.0
url:	http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml	Trust: 2.0

sources: VULHUB: VHN-7557 // BID: 87724 // CNNVD: CNNVD-200310-064 // NVD: CVE-2003-0732

CREDITS

Unknown

Trust: 0.3

sources: BID: 87724

SOURCES

db:	VULHUB	id:	VHN-7557
db:	BID	id:	87724
db:	CNNVD	id:	CNNVD-200310-064
db:	NVD	id:	CVE-2003-0732

LAST UPDATE DATE

2024-08-14T14:23:07.194000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-7557	date:	2008-09-05T00:00:00
db:	BID	id:	87724	date:	2003-10-20T00:00:00
db:	CNNVD	id:	CNNVD-200310-064	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-0732	date:	2008-09-05T20:35:06.547

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-7557	date:	2003-10-20T00:00:00
db:	BID	id:	87724	date:	2003-10-20T00:00:00
db:	CNNVD	id:	CNNVD-200310-064	date:	2003-10-20T00:00:00
db:	NVD	id:	CVE-2003-0732	date:	2003-10-20T04:00:00