← Back

CVE-2009-1161

nvd nist
Published: May 21, 2009Modified: Apr 23, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

Affected (33)

Cisco
10 products
Ciscoworks Common Services
Ciscoworks Health And Utilization Monitor
Ciscoworks Lan Management Solution
Ciscoworks Qos Policy Manager
Ciscoworks Voice Manager
Security Manager
Telepresence Readiness Assessment Manager
Unified Operations Manager
Unified Provisioning Manager
Unified Service Monitor
Configuration A
33 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Ciscoworks Common Services
Version 3.0.3
Ciscoworks Common Services
Version 3.0.4
Ciscoworks Common Services
Version 3.0.5
Ciscoworks Common Services
Version 3.0.6
Ciscoworks Common Services
Version 3.1.1
Ciscoworks Common Services
Version 3.1
Ciscoworks Common Services
Version 3.2
Cisco
Ciscoworks Health And Utilization Monitor
Version 1.0
Ciscoworks Health And Utilization Monitor
Version 1.1
Cisco
Ciscoworks Lan Management Solution
Version 2.5
Ciscoworks Lan Management Solution
Version 2.6
Ciscoworks Lan Management Solution
Version 3.0
Ciscoworks Lan Management Solution
Version 3.1
Cisco
Ciscoworks Qos Policy Manager
Version 4.0
Ciscoworks Qos Policy Manager
Version 4.1
Cisco
Ciscoworks Voice Manager
Version 3.0
Ciscoworks Voice Manager
Version 3.1
Cisco
Security Manager
Version 3.0
Security Manager
Version 3.1
Security Manager
Version 3.2
Telepresence Readiness Assessment Manager
Version 1.0
Cisco
Unified Operations Manager
Version 1.0
Unified Operations Manager
Version 1.1
Unified Operations Manager
Version 2.0
Unified Operations Manager
Version 2.1
Cisco
Unified Provisioning Manager
Version 1.0
Unified Provisioning Manager
Version 1.1
Unified Provisioning Manager
Version 1.2
Unified Provisioning Manager
Version 1.3
Cisco
Unified Service Monitor
Version 1.0
Unified Service Monitor
Version 1.1
Unified Service Monitor
Version 2.0
Unified Service Monitor
Version 2.1

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (16)

Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
PatchVendor Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.