Credit:
The information has been provided by Cisco Systems Product Security Incident Response Team.
The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20090520-cw.shtml
Vulnerable Systems:
* Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1
* CiscoWorks QoS Policy Manager versions 4.0 and 4.1
* CiscoWorks LAN Management Solution versions 2.5, 2.6, and 3.0
* Cisco Security Manager versions 3.0, 3.1, and 3.2
* Cisco TelePresence Readiness Assessment Manager version 1.0
* CiscoWorks Voice Manager versions 3.0 and 3.1
* CiscoWorks Health and Utilization Monitor versions 1.0 and 1.1
* Cisco Unified Operations Manager versions 1.0, 1.1, 2.0, and 2.1
* Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2, and 1.3
The TFTP service is enabled by default. To verify that the TFTP service is running, connect to the CiscoWorks interface and choose "Start > Settings > Control Panel > Administrative Tools > Services" to access the "Services" window. The name of the service is "CWCS tftp service".
Note: Administrators can also issue the "tasklist /svc" Microsoft Windows command to list the services that are running on the system.
CiscoWorks Common Services contains a TFTP directory traversal vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files.
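The defect class named above is a file name from a TFTP request resolving outside the directory the server is meant to serve. The following is an added example, not code from the advisory or from CiscoWorks, of the containment check a TFTP daemon on a Windows host needs before opening a requested file; the serving directory is an assumed placeholder, and the sample file names are constructed.

```powershell
# Added example (not from the Cisco advisory): a server-side containment
# check so that a requested TFTP file name can never resolve outside the
# serving directory. Intended for Windows hosts, where this vulnerability
# applies. The root directory below is an assumed placeholder.
function Test-TftpPathContained {
    param(
        [Parameter(Mandatory)] [string] $Root,          # TFTP serving directory
        [Parameter(Mandatory)] [string] $RequestedName  # file name from the RRQ/WRQ packet
    )
    # Normalize the root once: absolute path with a single trailing separator,
    # so the prefix test below cannot match a sibling directory with the same prefix.
    $rootFull = [System.IO.Path]::GetFullPath($Root).TrimEnd('\', '/') + '\'

    # Reject rooted names outright (drive letters, UNC paths, leading separators);
    # GetFullPath would otherwise honour them and ignore $Root entirely.
    if ([System.IO.Path]::IsPathRooted($RequestedName)) { return $false }

    # TFTP clients may send forward slashes; Windows treats both as separators,
    # and GetFullPath collapses any "." and ".." segments.
    $candidate = [System.IO.Path]::GetFullPath((Join-Path $rootFull $RequestedName))

    # Containment: the resolved path must still start with the root directory
    # (case-insensitive, because NTFS paths are).
    return $candidate.StartsWith($rootFull, [System.StringComparison]::OrdinalIgnoreCase)
}

# Constructed sample requests against an assumed placeholder root.
$root = 'C:\CiscoWorks\tftpboot'
foreach ($name in 'config.txt', 'sub/../config.txt', '..\..\outside.txt', 'C:\outside.txt') {
    '{0,-22} contained: {1}' -f $name, (Test-TftpPathContained -Root $root -RequestedName $name)
}
```

The check is made after full path normalization rather than by scanning for ".." substrings, because a name such as "sub/../config.txt" is legitimate while "..\..\outside.txt" is not; only the resolved location decides.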
Note: Only CiscoWorks Common Services systems that run on Microsoft Windows operating systems are vulnerable. The Solaris version of CiscoWorks Common Services is not affected by this vulnerability.
Patch Availability:
CiscoWorks Common Services software patch: cwcs3.x-win-CSCsx07107-0.zip
The CiscoWorks Common Services patch can be downloaded from the following link: http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one
Workarounds:
To mitigate this vulnerability, administrators can disable TFTP services by completing the following steps:
Step 1. Choose "Start > Settings > Control Panel > Administrative Tools > Services" to access the "Services" window.
Step 2. Right-click "CWCS tftp service" and select "Properties".
Step 3. Set the "Startup Type" to "Disabled".
Step 4. Click the "Stop" button to stop the TFTP service.
Note: Disabling TFTP services may impact the functionality of some of the CiscoWorks components.
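The verification and the four workaround steps above can be carried out from an elevated PowerShell session on the CiscoWorks Windows host. The script below is an added example, not part of the Cisco advisory; it assumes only the service display name "CWCS tftp service" given in the advisory, reports the service's current state, and applies the workaround when run with -Disable.

```powershell
# Added example (not part of the Cisco advisory): report the state of the
# CWCS tftp service named in the advisory and, with -Disable, apply the
# documented workaround (Startup Type = Disabled, then Stop).
# Run in an elevated PowerShell session on the CiscoWorks Windows host.
param([switch] $Disable)

$displayName = 'CWCS tftp service'   # display name from the advisory
$svc = Get-Service -DisplayName $displayName -ErrorAction SilentlyContinue

if (-not $svc) {
    Write-Output "Service '$displayName' not found; CiscoWorks Common Services TFTP does not appear to be installed on this host."
    return
}

# Startup type comes from the Win32_Service class; Get-Service alone does not expose it.
$startMode = (Get-CimInstance Win32_Service -Filter "DisplayName='$displayName'").StartMode
Write-Output ("{0} (service name '{1}'): status={2}, startup={3}" -f `
    $svc.DisplayName, $svc.Name, $svc.Status, $startMode)

if ($Disable) {
    # Steps 2 to 4 of the workaround: Startup Type -> Disabled, then stop the service.
    # The advisory notes that disabling TFTP may affect some CiscoWorks components.
    Set-Service -Name $svc.Name -StartupType Disabled
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name $svc.Name -Force }
    $svc.Refresh()
    Write-Output ("{0}: status={1}, startup=Disabled" -f $svc.DisplayName, $svc.Status)
}
```

Run without arguments to record the pre-change state for the change ticket, then with -Disable to apply the workaround; the printed service name (as opposed to the display name) is the one that appears in "tasklist /svc" output.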
Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090520-cw.shtml
CVE Information:
CVE-2009-1161