Cisco.CiscoWorks2000.CsAuthServlet.Privilege.Escalation

description-logoDescription

It indicates a possible exploit of a privilege escalation vulnerability in CiscoWorks Common Management Foundation (CMF) 2.1 and earlier. The vulnerability may allow a guest user to gain administrative privileges via a malicious POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.

affected-products-logoAffected Products

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier.

Impact logoImpact

Gain Access.

recomended-action-logoRecommended Actions

Upgrade to version 2.2 or later.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)