CVE-2009-1161

high

Description

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

References

http://www.vupen.com/english/advisories/2009/1390

http://www.securityfocus.com/bid/35040

http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml

http://securitytracker.com/id?1022263

http://secunia.com/advisories/35179

http://osvdb.org/54616

http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html

http://jvn.jp/en/jp/JVN62527913/index.html

Details

Source: Mitre, NVD

Published: 2009-05-21

Updated: 2009-06-09

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High