CVE-2009-1161

{"id": "CVE-2009-1161", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-05-21T14:30:00.390", "references": [{"url": "http://jvn.jp/en/jp/JVN62527913/index.html", "source": "ykramarz@cisco.com"}, {"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html", "source": "ykramarz@cisco.com"}, {"url": "http://osvdb.org/54616", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/35179", "source": "ykramarz@cisco.com"}, {"url": "http://securitytracker.com/id?1022263", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/35040", "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2009/1390", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el servicio TFTP en Cisco CiscoWorks Common Services (CWCS) v3.0.x hasta v3.2.x en Windows, tambi\u00e9n utilizado en Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager y otros productos, lo que permite atacantes remotos acceder a ficheros arbitrarios a trav\u00e9s de vectores no especificados."}], "lastModified": "2009-06-09T05:33:31.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.3:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFFC3AE9-1B61-44F8-938B-6363EDB2DD5A"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.4:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BB12692-8BCD-4601-83AE-12F1AFD1EF03"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.5:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1017A34C-A119-41D4-AE10-1E35FAFF0547"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.0.6:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5399066A-658B-4494-A291-DB20E0CE7687"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD8374C6-D8A3-43CB-A9F7-8A71CD69BE9F"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.1.1:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC455CA4-A1F7-4614-9A6F-ABCB0C9026E8"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:3.2:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5941482-DB47-49E8-90BA-650073C3A233"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:ciscoworks_health_and_utilization_monitor:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CC556B9-7073-41E3-8099-00B796F8B68B"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_health_and_utilization_monitor:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87814504-DC6B-41CA-873E-F46B2F71A3FE"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB783DD2-C6B7-406B-9DC4-E1BC832D025C"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57CBDA0C-EE71-459C-AFA1-9879C6727287"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6CF9518-2D68-4E95-862B-54B622622B9D"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_lan_management_solution:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C446E75-5404-4875-AD94-DF953A7874FC"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_qos_policy_manager:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A30B25F2-2DEB-4254-88DB-FA31AB6CA04D"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_qos_policy_manager:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F77163A8-3F2F-473F-B776-A155D94011DF"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_voice_manager:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1F143B9-20B4-4140-805F-5F709290D6E0"}, {"criteria": "cpe:2.3:a:cisco:ciscoworks_voice_manager:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "562CA8A8-C17E-4985-8EA0-E2CB61355FEB"}, {"criteria": "cpe:2.3:a:cisco:security_manager:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BE4D6E7-9884-4C7B-BD40-F8C08E78E93A"}, {"criteria": "cpe:2.3:a:cisco:security_manager:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "921F93B3-84A8-471B-9A3A-780C76BA3685"}, {"criteria": "cpe:2.3:a:cisco:security_manager:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4686AD6B-CAB3-4CE5-9B13-D30613C614CB"}, {"criteria": "cpe:2.3:a:cisco:telepresence_readiness_assessment_manager:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "668AEB8D-4923-4EAE-A67A-979D7B816108"}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC421340-135D-45AD-8E59-F1B62805ABEB"}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5510F4F-93C9-4722-97F5-37A05B48C23D"}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C73FD728-7A22-4248-B4DA-62AB2704A411"}, {"criteria": "cpe:2.3:a:cisco:unified_operations_manager:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "930EA844-7016-4EC3-833D-70D1B1DE6DA0"}, {"criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C453852A-D639-4872-B8FE-AE7E2BC019A8"}, {"criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D4D4CAE-582C-47F5-A3D5-CC1D3BE00308"}, {"criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0337CC9-B682-4135-B5C8-745B41474EBA"}, {"criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14FC0DD7-81A3-4294-ACA5-0F8B05E7CC49"}, {"criteria": "cpe:2.3:a:cisco:unified_service_monitor:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A5A8958-B3DE-443B-921F-3AE25FFBF615"}, {"criteria": "cpe:2.3:a:cisco:unified_service_monitor:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B2F5BDC-A768-4A07-92A2-1C9DF484C3A7"}, {"criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6041F558-D641-4067-BBC8-EC23D0A1ED18"}, {"criteria": "cpe:2.3:a:cisco:unified_service_monitor:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56101F5A-4099-4027-859D-07CFE598F1B5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}