Intrusion Prevention

Cisco.CiscoWorks2000.CsAuthServlet.Privilege.Escalation

Description

It indicates a possible exploit of a privilege escalation vulnerability in CiscoWorks Common Management Foundation (CMF) 2.1 and earlier. The vulnerability may allow a guest user to gain administrative privileges via a malicious POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.

Affected Products

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier.

Impact

Gain Access.

Recommended Actions

Upgrade to version 2.2 or later.

CVE References

CVE-2003-0731