Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: CiscoWorks TFTP Directory Traversal Vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
CiscoWorks TFTP Directory Traversal Vulnerability

Cisco has announced that a directory traversal flaw has been discovered in its CiscoWorks product line.  According to the announcement:

Products that have TFTP services enabled and that run CiscoWorks
Common Services versions 3.0.x, 3.1.x, and 3.2.x are vulnerable.
Only CiscoWorks Common Services systems running on Microsoft Windows
operating systems are affected.

A successful exploitation of this vulnerability may allow an attacker
unauthorized access to view or modify application and host operating
system files. Modification of some system files could result in a denial
of service condition.

More information and a complete list of vulnerable products is available from:

 

Tom

160 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!