This indicates an attacker tried to exploit a program bug in CiscoWorks to gain Administration privileges.
A bug in Cisco CiscoWorks allows the ?guest? user to change his/her account from guest to ?Admin? on the Modify and Delete Users web page.
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier
Compromise of the affected system.
Apply appropriate patch from the vendor or upgrade to non-vulnerable version if available.