CVE-2003-0732 — HIGH (10.0)

Vulnerability Description

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Resource Manager	1.0
Cisco	Resource Manager Essentials	2.0
Cisco	Ciscoworks Common Management Foundation	2.0
Cisco	Ciscoworks Cd1	1st

References

http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtmlPatchVendor Advisory
http://www.securityfocus.com/archive/1/333028ExploitVendor Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtmlPatchVendor Advisory
http://www.securityfocus.com/archive/1/333028ExploitVendor Advisory

FAQ

What is CVE-2003-0732?

CVE-2003-0732 is a vulnerability with a CVSS score of 10.0 (HIGH). CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Adm...

How severe is CVE-2003-0732?

CVE-2003-0732 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0732?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Resource Manager, Cisco Resource Manager Essentials, Cisco Ciscoworks Common Management Foundation, Cisco Ciscoworks Cd1.