CERT-In Vulnerability Note CIVN-2009-69
CiscoWorks Common Services TFTP Directory Traversal Vulnerability
Original Issue Date: June 09, 2009
Severity Rating: Medium
System Affected
CiscoWorks Common Services versions 3.0.6 and prior, 3.1.1 and prior, and 3.2, when the TFTP service is enabled and running on a Microsoft Windows platform.
Overview
CiscoWorks is a web-based suite of tools that helps users manage a Cisco-based network. CiscoWorks Common Services (CS) is one of the components bundled in CiscoWorks; it provides a mechanism to logically group devices together, and it provides the application infrastructure that all existing CiscoWorks network management solutions share for data storage, user login, user role definitions, user access privileges, and security protocols.
A directory traversal vulnerability has been reported in CiscoWorks Common Services that could allow unauthorized access to arbitrary files on an affected system.
Description
The vulnerability affects the TFTP server packaged with Common Services and is due to insufficient sanitization of the file name supplied in client requests: directory traversal sequences in the requested path are not rejected, so a TFTP read or write request can name a file outside the TFTP root directory. An unauthenticated, remote attacker could exploit the vulnerability to view or modify the contents of any file on the affected system. This vulnerability affects only versions of CiscoWorks Common Services that run on Microsoft Windows platforms.
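To make the defect concrete, the following is an added example, not code from the CERT-In note or from Cisco: it parses TFTP read/write requests as laid out in RFC 1350, shows the unchecked path join that a traversal-vulnerable server performs, and beside it the containment check that refuses any request resolving outside the TFTP root. Both backslash and forward-slash traversal are covered, since the affected servers run on Windows. The TFTP root, the file names and the sample packets are all hypothetical and constructed here; CiscoWorks' real directory layout is not stated in the note.

```python
"""Added example (not from the CERT-In note or Cisco): parse TFTP RRQ/WRQ
packets and compare an unchecked path join with a containment check.
The TFTP root and all file names below are hypothetical."""
import posixpath
import struct

OP_RRQ, OP_WRQ = 1, 2
TFTP_ROOT = "/var/lib/tftpboot"  # hypothetical root used for the examples


def build_request(opcode, filename, mode="octet"):
    """Encode an RRQ/WRQ as RFC 1350 lays it out: opcode(2) | filename | 0 | mode | 0."""
    return (struct.pack("!H", opcode) + filename.encode("latin-1") + b"\x00"
            + mode.encode("ascii") + b"\x00")


def parse_request(packet):
    """Return (opcode, filename, mode) for an RRQ/WRQ; raise ValueError otherwise."""
    if len(packet) < 4:
        raise ValueError("packet too short for a TFTP request")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        raise ValueError("opcode %d is not RRQ/WRQ" % opcode)
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3:  # filename, mode, and the empty tail after the final NUL
        raise ValueError("request lacks NUL-terminated filename/mode")
    filename = fields[0].decode("latin-1")
    mode = fields[1].decode("latin-1").lower()
    if not filename or mode not in ("netascii", "octet", "mail"):
        raise ValueError("empty filename or unknown transfer mode")
    return opcode, filename, mode


def vulnerable_path(root, filename):
    """The pattern the advisory describes: the client-supplied name is joined
    onto the root with no check, so '..' segments walk out of the root."""
    return posixpath.normpath(root + "/" + filename)


def safe_path(root, filename):
    """Normalise the requested name and require the result to stay under root.
    Returns the resolved path, or None when the request must be refused."""
    root = posixpath.normpath(root)
    # Windows TFTP servers accept '\' as a separator, so fold it before
    # normalising; a check that only looks for '../' misses '..\'.
    name = filename.replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, name))
    # Lexical containment check. On a live server follow it with
    # os.path.realpath on both sides so a symlink inside the root cannot
    # point back out of it.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


def handle_request(packet, root=TFTP_ROOT):
    """Dispatch one request: ('read'|'write', path) or ('refused', filename)."""
    opcode, filename, _mode = parse_request(packet)
    path = safe_path(root, filename)
    if path is None:
        return ("refused", filename)
    return ("read" if opcode == OP_RRQ else "write", path)


if __name__ == "__main__":
    # Constructed sample requests: two traversal attempts in the two
    # separator styles and one legitimate config fetch.
    samples = [
        build_request(OP_RRQ, "../../../../boot.ini"),
        build_request(OP_WRQ, "..\\..\\windows\\system32\\drivers\\etc\\hosts"),
        build_request(OP_RRQ, "configs/router1.cfg", "netascii"),
    ]
    for pkt in samples:
        _, name, _ = parse_request(pkt)
        print("%-48s unchecked -> %-40s checked -> %s"
              % (name, vulnerable_path(TFTP_ROOT, name), handle_request(pkt)))
```

The check is deliberately lexical so it runs offline and behaves the same on any platform; it is the decision a server must make before it ever opens the file. The same parse-and-resolve logic can be run over captured UDP/69 payloads to flag traversal attempts against a host that cannot yet be patched.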
Workarounds
- Disable the TFTP service if it is not required.
- Administrators are advised to allow only privileged users to access administration or management systems.
- Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems and devices to reach the affected systems; the TFTP service listens on UDP port 69.
- Administrators may consider utilizing a host-based intrusion prevention system to help prevent the unauthorized modification of system files.
Solution
Apply the appropriate fixed versions as described in the Cisco Security Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20090520-cw.shtml
Vendor Information
Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20090520-cw.shtml
References
Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20090520-cw.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=18227
SecurityTracker
http://securitytracker.com/alerts/2009/May/1022263.html
SecurityFocus
http://www.securityfocus.com/bid/35040
Secunia
http://secunia.com/advisories/35179/
VUPEN
http://www.vupen.com/english/advisories/2009/1390
CVE Name
CVE-2009-1161
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003