Description
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.
Affected products
- Cisco / ciscoworks_cd1 – 5th
- Cisco / ciscoworks_cd1 – 1st
- Cisco / ciscoworks_cd1 – 4th
- Cisco / ciscoworks_cd1 – 3rd
- Cisco / ciscoworks_cd1 – 2nd
- Cisco / ciscoworks_common_management_foundation – 2.1
- Cisco / ciscoworks_common_management_foundation – 2.0
- Cisco / resource_manager – 1.0
- Cisco / resource_manager – 1.1
- Cisco / resource_manager_essentials – 2.2
- Cisco / resource_manager_essentials – 2.1
- Cisco / resource_manager_essentials – 2.0