// For flags

CVE-2011-0966

CiscoWorks Common Services 3.1.1 - Auditing Directory Traversal

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.

Vulnerabilidad de salto de directorio en cwhp/auditLog.do en el componente Homepage Auditing en Cisco CiscoWorks Common Services v3.3 y anteriores permite a atacantes remotos leer archivos de su elección a través de un .. (punto punto) en el parámetro de archivo, también conocido como Bug ID CSCto35577.

Cisco Unified Operations Manager suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities. Versions 8.0 and 8.5 are affected.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-02-10 CVE Reserved
  • 2011-05-18 CVE Published
  • 2011-05-18 First Exploit
  • 2024-02-27 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Ciscoworks Common Services
Search vendor "Cisco" for product "Ciscoworks Common Services"
<= 3.3
Search vendor "Cisco" for product "Ciscoworks Common Services" and version " <= 3.3"
-
Affected
Cisco
Search vendor "Cisco"
Ciscoworks Common Services
Search vendor "Cisco" for product "Ciscoworks Common Services"
1.0
Search vendor "Cisco" for product "Ciscoworks Common Services" and version "1.0"
-
Affected
Cisco
Search vendor "Cisco"
Ciscoworks Common Services
Search vendor "Cisco" for product "Ciscoworks Common Services"
2.2
Search vendor "Cisco" for product "Ciscoworks Common Services" and version "2.2"
-
Affected
Cisco
Search vendor "Cisco"
Ciscoworks Common Services
Search vendor "Cisco" for product "Ciscoworks Common Services"
3.0
Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.0"
-
Affected
Cisco
Search vendor "Cisco"
Ciscoworks Common Services
Search vendor "Cisco" for product "Ciscoworks Common Services"
3.0.3
Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.0.3"
-
Affected
Cisco
Search vendor "Cisco"
Ciscoworks Common Services
Search vendor "Cisco" for product "Ciscoworks Common Services"
3.0.4
Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.0.4"
-
Affected
Cisco
Search vendor "Cisco"
Ciscoworks Common Services
Search vendor "Cisco" for product "Ciscoworks Common Services"
3.0.5
Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.0.5"
-
Affected
Cisco
Search vendor "Cisco"
Ciscoworks Common Services
Search vendor "Cisco" for product "Ciscoworks Common Services"
3.0.6
Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.0.6"
-
Affected
Cisco
Search vendor "Cisco"
Ciscoworks Common Services
Search vendor "Cisco" for product "Ciscoworks Common Services"
3.1
Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.1"
-
Affected
Cisco
Search vendor "Cisco"
Ciscoworks Common Services
Search vendor "Cisco" for product "Ciscoworks Common Services"
3.1.1
Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.1.1"
-
Affected
Cisco
Search vendor "Cisco"
Ciscoworks Common Services
Search vendor "Cisco" for product "Ciscoworks Common Services"
3.2
Search vendor "Cisco" for product "Ciscoworks Common Services" and version "3.2"
-
Affected