安全漏洞:CN-VA09-37
发布日期:2009年5月22日
漏洞类型:远程攻击
漏洞评估:严重
受影响的软件:
Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1
CiscoWorks QoS Policy Manager versions 4.0 and 4.1
CiscoWorks LAN Management Solution versions 2.5, 2.6, 3.0, and 3.1
Cisco Security Manager versions 3.0, 3.1, and 3.2
Cisco TelePresence Readiness Assessment Manager version 1.0
CiscoWorks Voice Manager versions 3.0 and 3.1
CiscoWorks Health and Utilization Monitor versions 1.0 and 1.1
Cisco Unified Operations Manager versions 1.0, 1.1, 2.0, and 2.1
Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2, and 1.3
漏洞描述:
CiscoWorks Common Services包含TFTP目录遍历漏洞,远程攻击者可以利用漏洞未授权访问应用程序和操作系统文件。Cisco已经发布补丁,请广大用户及时下载更新。
参考信息:
http://www.doecirc.energy.gov/bulletins/t-140.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml
http://www.securityfocus.com/bid/35040/info
信息提供者:
Cisco
其它信息:
相关CVE编号:
CVE-2009-1161
漏洞报告文档编写:
CNCERT/CC
安全公告文档编写:
CNCERT/CC