CVE-2003-0732

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/archive/1/333028	Exploit Vendor Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:resource_manager:1.1:::::::*
	cpe:2.3:a:cisco:resource_manager_essentials:2.1:::::::*
	cpe:2.3:a:cisco:resource_manager:1.0:::::::*
	cpe:2.3:a:cisco:resource_manager_essentials:2.0:::::::*
	cpe:2.3:a:cisco:resource_manager_essentials:2.2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:cisco:ciscoworks_cd1:3rd:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:5th:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:1st:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:2nd:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:4th:::::::*

Information

Published : 2003-10-19 21:00

Updated : 2008-09-05 13:35

NVD link : CVE-2003-0732

Mitre link : CVE-2003-0732

JSON object : View

CWE

NVD-CWE-Other

Products Affected

cisco

ciscoworks_common_management_foundation
resource_manager_essentials
resource_manager
ciscoworks_cd1

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/333028", "name": "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities", "tags": ["Exploit", "Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml", "name": "20030813 CiscoWorks Application Vulnerabilities", "tags": ["Patch", "Vendor Advisory"], "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the \"guest\" user to the Admin user on the Modify or delete users pages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0732", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-10-20T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:resource_manager:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:resource_manager_essentials:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:resource_manager:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:resource_manager_essentials:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:resource_manager_essentials:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:ciscoworks_cd1:3rd:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ciscoworks_cd1:5th:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ciscoworks_cd1:1st:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ciscoworks_cd1:2nd:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:cisco:ciscoworks_cd1:4th:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:35Z"}

10.0 /10