pioneer
超级版主
积分 4563
发帖 4545
注册 2007-7-16
来自 BJ
|
#1 CiscoWorks TFTP 目录遍历的漏洞
来源
secunia.com
软件名
Cisco Security Manager (CSM) 3.x
Cisco TelePresence Readiness Assessment Manager (CTRAM) 1.x
Cisco Unified Operations Manager (CUOM) 1.x
Cisco Unified Operations Manager (CUOM) 2.x
Cisco Unified Provisioning Manager 1.x
Cisco Unified Service Monitor (CUSM) 1.x
Cisco Unified Service Monitor (CUSM) 2.x
CiscoWorks Common Services Software 3.x
CiscoWorks Health and Utilization Monitor 1.x
CiscoWorks LAN Management Solution (LMS) 2.x
CiscoWorks LAN Management Solution (LMS) 3.x
CiscoWorks QoS Policy Manager (QPM) 4.x
CiscoWorks Voice Manager 3.x
描述
TFTP服务中的输入验证错误可导致在TFTP root之外通过特定的目录遍历次序来下载或操控任意文件
windows下,该漏洞在运行CiscoWorks Common服务V3.0.x, 3.1.x,和3.2.x的以下产品中已经报告:
* Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1
* CiscoWorks QoS Policy Manager versions 4.0 and 4.1
* CiscoWorks LAN Management Solution versions 2.5, 2.6, 3.0, and 3.1
* Cisco Security Manager versions 3.0, 3.1, and 3.2
* Cisco TelePresence Readiness Assessment Manager version 1.0
* CiscoWorks Voice Manager versions 3.0 and 3.1
* CiscoWorks Health and Utilization Monitor versions 1.0 and 1.1
* Cisco Unified Operations Manager versions 1.0, 1.1, 2.0, and 2.1
* Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2, and 1.3
解决方案
应用补丁(cwcs3.x-win-CSCsx07107-0.zip).
http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one
| |
※文章所有权归【pioneer】与【东方微点论坛】共同所有,转载请注明出处!※
|
 |
|
