CVE-2009-0615

2009-02-2616:17:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2009

0615

directory traversal

cisco

application networking manager

anm

application control engine

ace

device manager

remote authenticated users

arbitrary files

invalid directory permissions

6.4 Medium

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.0%

JSON

Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to “invalid directory permissions.”

CPENameOperatorVersion
cisco:application_networking_managercisco application networking managereq1.1
cisco:application_control_engine_device_managercisco application control engine device managereq1.1
cisco:application_networking_managercisco application networking managerle1.2
cisco:application_control_engine_device_managercisco application control engine device managerle1.2

CPE	Name	Operator	Version
cisco:application_networking_manager	cisco application networking manager	eq	1.1
cisco:application_control_engine_device_manager	cisco application control engine device manager	eq	1.1
cisco:application_networking_manager	cisco application networking manager	le	1.2
cisco:application_control_engine_device_manager	cisco application control engine device manager	le	1.2