CVE-2009-1161: Path Traversal
First published: Thu May 21 2009(Updated: )
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CiscoWorks Common Services | =3.0.3 | |
| CiscoWorks Common Services | =3.0.4 | |
| CiscoWorks Common Services | =3.0.5 | |
| CiscoWorks Common Services | =3.0.6 | |
| CiscoWorks Common Services | =3.1 | |
| CiscoWorks Common Services | =3.1.1 | |
| CiscoWorks Common Services | =3.2 | |
| CiscoWorks Health and Utilization Monitor | =1.0 | |
| CiscoWorks Health and Utilization Monitor | =1.1 | |
| Cisco Ciscoworks for Windows | =2.5 | |
| Cisco Ciscoworks for Windows | =2.6 | |
| Cisco Ciscoworks for Windows | =3.0 | |
| Cisco Ciscoworks for Windows | =3.1 | |
| Cisco QoS Policy Manager | =4.0 | |
| Cisco QoS Policy Manager | =4.1 | |
| CiscoWorks Voice Manager | =3.0 | |
| CiscoWorks Voice Manager | =3.1 | |
| Cisco Security Manager Software | =3.0 | |
| Cisco Security Manager Software | =3.1 | |
| Cisco Security Manager Software | =3.2 | |
| Cisco TelePresence Readiness Assessment Manager | =1.0 | |
| Cisco Unified Operations Manager | =1.0 | |
| Cisco Unified Operations Manager | =1.1 | |
| Cisco Unified Operations Manager | =2.0 | |
| Cisco Unified Operations Manager | =2.1 | |
| Cisco Unified Provisioning Manager | =1.0 | |
| Cisco Unified Provisioning Manager | =1.1 | |
| Cisco Unified Provisioning Manager | =1.2 | |
| Cisco Unified Provisioning Manager | =1.3 | |
| Cisco Unified Service Monitor | =1.0 | |
| Cisco Unified Service Monitor | =1.1 | |
| Cisco Unified Service Monitor | =2.0 | |
| Cisco Unified Service Monitor | =2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml
- http://securitytracker.com/id?1022263
- http://www.securityfocus.com/bid/35040
- http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html
- http://jvn.jp/en/jp/JVN62527913/index.html
- http://secunia.com/advisories/35179
- http://osvdb.org/54616
- http://www.vupen.com/english/advisories/2009/1390
Frequently Asked Questions
What is the severity of CVE-2009-1161?
CVE-2009-1161 is classified as a high-severity vulnerability due to its potential for directory traversal attacks.
How do I fix CVE-2009-1161?
To fix CVE-2009-1161, update your CiscoWorks Common Services and related software to versions that are not affected by this vulnerability.
What systems are affected by CVE-2009-1161?
CVE-2009-1161 affects CiscoWorks Common Services versions 3.0.x through 3.2.x and other related Cisco products.
Can CVE-2009-1161 lead to unauthorized access?
Yes, CVE-2009-1161 can lead to unauthorized access to files and directories on affected systems.
Is there a workaround for CVE-2009-1161?
Disabling the TFTP service on affected Cisco systems can serve as a temporary workaround for CVE-2009-1161 until an update is applied.
- collector/nvd-historical
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/ciscoworks common services
- version/ciscoworks common services/3.0.3
- version/ciscoworks common services/3.0.4
- version/ciscoworks common services/3.0.5
- version/ciscoworks common services/3.0.6
- version/ciscoworks common services/3.1
- version/ciscoworks common services/3.1.1
- version/ciscoworks common services/3.2
- canonical/ciscoworks health and utilization monitor
- version/ciscoworks health and utilization monitor/1.0
- version/ciscoworks health and utilization monitor/1.1
- canonical/cisco ciscoworks for windows
- version/cisco ciscoworks for windows/2.5
- version/cisco ciscoworks for windows/2.6
- version/cisco ciscoworks for windows/3.0
- version/cisco ciscoworks for windows/3.1
- canonical/cisco qos policy manager
- version/cisco qos policy manager/4.0
- version/cisco qos policy manager/4.1
- canonical/ciscoworks voice manager
- version/ciscoworks voice manager/3.0
- version/ciscoworks voice manager/3.1
- canonical/cisco security manager software
- version/cisco security manager software/3.0
- version/cisco security manager software/3.1
- version/cisco security manager software/3.2
- canonical/cisco telepresence readiness assessment manager
- version/cisco telepresence readiness assessment manager/1.0
- canonical/cisco unified operations manager
- version/cisco unified operations manager/1.0
- version/cisco unified operations manager/1.1
- version/cisco unified operations manager/2.0
- version/cisco unified operations manager/2.1
- canonical/cisco unified provisioning manager
- version/cisco unified provisioning manager/1.0
- version/cisco unified provisioning manager/1.1
- version/cisco unified provisioning manager/1.2
- version/cisco unified provisioning manager/1.3
- canonical/cisco unified service monitor
- version/cisco unified service monitor/1.0
- version/cisco unified service monitor/1.1
- version/cisco unified service monitor/2.0
- version/cisco unified service monitor/2.1