CVE-2003-0731
First published: Mon Oct 20 2003(Updated: )
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Resource Manager | =1.0 | |
| Cisco Resource Manager | =1.1 | |
| Cisco Resource Manager | =2.0 | |
| Cisco Resource Manager | =2.1 | |
| Cisco Resource Manager | =2.2 | |
| CiscoWorks Common Management Foundation | =2.0 | |
| CiscoWorks Common Management Foundation | =2.1 | |
| CiscoWorks CD-One (CD1) | =1st | |
| CiscoWorks CD-One (CD1) | =2nd | |
| CiscoWorks CD-One (CD1) | =3rd | |
| CiscoWorks CD-One (CD1) | =4th | |
| CiscoWorks CD-One (CD1) | =5th |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-0731?
CVE-2003-0731 is classified as a high-severity vulnerability due to the potential for unauthorized administrative access.
How do I fix CVE-2003-0731?
To remediate CVE-2003-0731, it is recommended to upgrade to a patched version of the affected Cisco software.
Which Cisco products are affected by CVE-2003-0731?
CVE-2003-0731 affects CiscoWorks Common Management Foundation versions 2.1 and earlier, as well as several versions of Cisco Resource Manager.
What can an attacker do with CVE-2003-0731?
An attacker exploiting CVE-2003-0731 can gain unauthorized administrative privileges on the affected Cisco devices.
Is CVE-2003-0731 still a security concern today?
While CVE-2003-0731 was disclosed years ago, it is important to ensure no legacy systems are running vulnerable software due to the nature of the exploit.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/remedy
- agent/severity
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/cisco
- product/resource manager essentials
- canonical/cisco resource manager essentials
- product/resource manager
- canonical/cisco resource manager
- product/ciscoworks cd1
- canonical/cisco ciscoworks cd1
- product/ciscoworks common management foundation
- canonical/cisco ciscoworks common management foundation
- version/cisco resource manager/1.0
- version/cisco resource manager/1.1
- version/cisco resource manager/2.0
- version/cisco resource manager/2.1
- version/cisco resource manager/2.2
- canonical/ciscoworks common management foundation
- version/ciscoworks common management foundation/2.0
- version/ciscoworks common management foundation/2.1
- canonical/ciscoworks cd-one (cd1)
- version/ciscoworks cd-one (cd1)/1st
- version/ciscoworks cd-one (cd1)/2nd
- version/ciscoworks cd-one (cd1)/3rd
- version/ciscoworks cd-one (cd1)/4th
- version/ciscoworks cd-one (cd1)/5th