Description
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.
Product(s):
- Cisco CiscoWorks Common Management Foundation 2.0
- Cisco CiscoWorks Common Management Foundation 2.1
- Cisco Resource Manager 1.0
- Cisco Resource Manager 1.1
- Cisco Resource Manager Essentials 2.0
- Cisco Resource Manager Essentials 2.1
- Cisco Resource Manager Essentials 2.2
- Cisco CiscoWorks CD1 1st
- Cisco CiscoWorks CD1 2nd
- Cisco CiscoWorks CD1 3rd
- Cisco CiscoWorks CD1 4th
- Cisco CiscoWorks CD1 5th
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2003-0732, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0732 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.