CVE-2003-0732

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/333028	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:resource_manager:1.0:::::::*
	cpe:2.3:a:cisco:resource_manager:1.1:::::::*
	cpe:2.3:a:cisco:resource_manager_essentials:2.0:::::::*
	cpe:2.3:a:cisco:resource_manager_essentials:2.1:::::::*
	cpe:2.3:a:cisco:resource_manager_essentials:2.2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:::::::*
	cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:1st:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:2nd:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:3rd:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:4th:::::::*
	cpe:2.3:o:cisco:ciscoworks_cd1:5th:::::::*

History

No history.

Information

Published : 2003-10-20 04:00

Updated : 2008-09-05 20:35

NVD link : CVE-2003-0732

Mitre link : CVE-2003-0732

CVE.ORG link : CVE-2003-0732

JSON object : View

Products Affected

cisco

resource_manager_essentials
resource_manager
ciscoworks_cd1
ciscoworks_common_management_foundation

CWE

NVD-CWE-Other

{"id": "CVE-2003-0732", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-10-20T04:00:00.000", "references": [{"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/333028", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the \"guest\" user to the Admin user on the Modify or delete users pages."}], "lastModified": "2008-09-05T20:35:06.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:resource_manager:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CD172F3-4964-410A-A7E9-5659DE662734"}, {"criteria": "cpe:2.3:a:cisco:resource_manager:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8305C239-6496-4CF9-9515-FDE7478877E7"}, {"criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2C398A1-1539-4D21-A486-DDE591546949"}, {"criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D70C0ACD-9782-468D-B283-6AA5DBEBAA8C"}, {"criteria": "cpe:2.3:a:cisco:resource_manager_essentials:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "006C6865-45CE-4150-9FD6-C31138DBF1DC"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "716ABF75-32B2-4E9A-A612-BA06C5C2E17D"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B"}, {"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:1st:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "419D225D-28FD-4D76-ACBF-45EA35B9973E"}, {"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:2nd:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF809BC6-93A5-4B1D-BC3C-2A41F32D4A92"}, {"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:3rd:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EED9047B-5AA5-49C1-B8D1-690D505082D7"}, {"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:4th:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45096D29-930F-4FE0-A23F-8C57BF62567A"}, {"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:5th:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC6393A1-F3A2-4D73-A845-03C9725B91A9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}