CiscoWorks Common Services TFTP服务器目录遍历漏洞

发布时间:2009-10-12浏览次数:1468

  

       安全漏洞:CN-VA09-37
  发布日期:2009年5月22日
  漏洞类型:远程攻击
  漏洞评估:严重
  受影响的软件:
  Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1
  CiscoWorks QoS Policy Manager versions 4.0 and 4.1
  CiscoWorks LAN Management Solution versions 2.5, 2.6, 3.0, and 3.1
  Cisco Security Manager versions 3.0, 3.1, and 3.2
  Cisco TelePresence Readiness Assessment Manager version 1.0
  CiscoWorks Voice Manager versions 3.0 and 3.1
  CiscoWorks Health and Utilization Monitor versions 1.0 and 1.1
  Cisco Unified Operations Manager versions 1.0, 1.1, 2.0, and 2.1
  Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2, and 1.3
  
  漏洞描述:
  CiscoWorks Common Services包含TFTP目录遍历漏洞,远程攻击者可以利用漏洞未授权访问应用程序和操作系统文件。Cisco已经发布补丁,请广大用户及时下载更新。
  
  参考信息:
  http://www.doecirc.energy.gov/bulletins/t-140.shtml
  http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml
  http://www.securityfocus.com/bid/35040/info
  
  信息提供者:
  Cisco
  
  其它信息:
  
  相关CVE编号:
  CVE-2009-1161
  
  漏洞报告文档编写:
  
  CNCERT/CC
  
  安全公告文档编写:
  
  CNCERT/CC