CVE-2003-0731

Published: Oct 20, 2003Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.

Affected (12)

Products: Cisco: Resource Manager, Resource Manager Essentials, Ciscoworks Cd1, Ciscoworks Common Management Foundation

Cisco

4 products

Resource Manager

Resource Manager Essentials

Ciscoworks Cd1

Ciscoworks Common Management Foundation

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Cisco Resource Manager	Version 1.0
Cisco Resource Manager	Version 1.1
Cisco Resource Manager Essentials	Version 2.0
Cisco Resource Manager Essentials	Version 2.1
Cisco Resource Manager Essentials	Version 2.2

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Cisco Ciscoworks Cd1	Version 1st
Cisco Ciscoworks Cd1	Version 2nd
Cisco Ciscoworks Cd1	Version 3rd
Cisco Ciscoworks Cd1	Version 4th
Cisco Ciscoworks Cd1	Version 5th
Cisco Ciscoworks Common Management Foundation	Version 2.0
Cisco Ciscoworks Common Management Foundation	Version 2.1

References (4)

http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/archive/1/333028

Source: cve@mitre.org

ExploitVendor Advisory

http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/archive/1/333028

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.