Japan Vulnerability NotesJVN:62527913JVN#62527913 Directory traversal vulnerability in multiple Cisco Systems products
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.018 Low
EPSS
Percentile
88.2%
Multiple Cisco Systems products are vulnerable to directory traversal due to an issue in CiscoWorks Common Services.
Impact
A remote attacker could view or alter files on the target server.
Solution
Update the software
Update to the latest version of CiscoWorks Common Services according the information provided by the vendor.
Workarounds
As a workaround to this vulnerability, disable the TFTP service until the software is updated.
Products Affected
- CiscoWorks Common Services 3.0.x
- CiscoWorks Common Services 3.1.x
- CiscoWorks Common Services 3.2.x
Products are affected when the above software is being run on Windows with the TFTP service enabled. For more information, refer to the vendor’s website.
Note that the Solaris version is not affected.
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.018 Low
EPSS
Percentile
88.2%