Cisco.CiscoWorks2000.CsAuthServlet.Privilege.Escalation
Description
It indicates a possible exploit of a privilege escalation vulnerability in CiscoWorks Common Management Foundation (CMF) 2.1 and earlier. The vulnerability may allow a guest user to gain administrative privileges via a malicious POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.
Affected Products
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier.
Impact
Gain Access.
Recommended Actions
Upgrade to version 2.2 or later.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |