Cisco TFTP Server allows unauthenticated system access
A directory traversal vulnerability in the TFTP server that ships with CiscoWorks Common Services allows remote, unauthenticated attackers to read arbitrary files on the affected system. An attacker could use the flaw to gain access to a system and to the data stored on it. Cisco has not confirmed whether an attacker could also upload data to an affected system.
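To show the bug class rather than the specific product, here is an added example (not Cisco's code, and not derived from the advisory) of how a TFTP read request is parsed and how a path check fails or holds. The serving directory, the file names and the request bytes are constructed for illustration; a vulnerable resolver that simply joins the client-supplied name onto the root is placed beside a hardened one that normalizes the path and refuses anything that escapes the root, including Windows-style `..\` sequences.

```python
"""TFTP directory traversal, vulnerable resolver beside a hardened one.

Added example for illustration; not Cisco's code. The root directory,
file names and packets below are constructed sample data.
"""
import posixpath
import struct

TFTP_RRQ = 1  # read request (RFC 1350)
TFTP_WRQ = 2  # write request

# Assumed serving directory of a Windows TFTP server (forward slashes so the
# pure-string path logic below runs on any platform without touching disk).
ROOT = "C:/PROGRA~1/CSCOpx/tftpboot"


def parse_request(packet: bytes):
    """Parse a TFTP RRQ/WRQ: 2-byte opcode, filename, NUL, mode, NUL."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in (TFTP_RRQ, TFTP_WRQ):
        raise ValueError(f"not a read/write request: opcode {opcode}")
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3:  # filename, mode, and the remainder after the final NUL
        raise ValueError("malformed request")
    filename = fields[0].decode("ascii")
    mode = fields[1].decode("ascii").lower()
    if mode not in ("netascii", "octet", "mail"):
        raise ValueError(f"unknown transfer mode {mode!r}")
    return opcode, filename, mode


def resolve_naive(root: str, filename: str) -> str:
    """Vulnerable: trusts the client name and joins it onto the root.

    The OS collapses the '..' components when the file is opened; normpath
    is applied here only to show where that open() would actually land.
    """
    return posixpath.normpath(root.rstrip("/") + "/" + filename)


def resolve_safe(root: str, filename: str) -> str:
    """Hardened: normalize, then confirm the result is still inside root."""
    # Windows TFTP servers accept both separators, so treat '\' like '/'.
    candidate = filename.replace("\\", "/")
    if "\x00" in candidate:
        raise PermissionError("NUL byte in filename")
    # Drop a drive letter and leading slashes so the name is always relative
    # to the serving directory rather than to the filesystem root.
    if len(candidate) >= 2 and candidate[1] == ":":
        candidate = candidate[2:]
    candidate = candidate.lstrip("/")
    root_norm = posixpath.normpath(root)
    full = posixpath.normpath(posixpath.join(root_norm, candidate))
    # Compare with a trailing separator so 'tftpboot2' cannot pass as 'tftpboot'.
    if full != root_norm and not full.startswith(root_norm + "/"):
        raise PermissionError(f"traversal rejected: {filename!r}")
    return full


def is_allowed(root: str, filename: str) -> bool:
    """True if the hardened resolver would serve the file."""
    try:
        resolve_safe(root, filename)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Constructed RRQ for a file three levels above the serving directory.
    rrq = b"\x00\x01../../../boot.ini\x00octet\x00"
    opcode, name, mode = parse_request(rrq)
    print("request:", opcode, name, mode)
    print("naive resolver opens:", resolve_naive(ROOT, name))
    print("hardened resolver allows:", is_allowed(ROOT, name))
    print("hardened resolver allows:", is_allowed(ROOT, "config/router1.cfg"))
```

The naive resolver is what a server does when it passes the request name straight to a file-open call: the dot-dot components walk out of the serving directory and the server hands back any file its service account can read. The hardened version also folds backslashes and drive letters before checking, because a check that only understands `/` is trivially bypassed on Windows.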
According to the advisory, the problem affects only CiscoWorks Common Services installations running on Windows, where the TFTP service is enabled by default. Cisco has assigned the vulnerability the maximum Common Vulnerability Scoring System (CVSS) base score of 10. CiscoWorks Common Services versions 3.0.x, 3.1.x and 3.2.x are bundled with the following products:
- Cisco Unified Service Monitor versions 1.0, 1.1, 2.0 and 2.1
- CiscoWorks QoS Policy Manager versions 4.0 and 4.1
- CiscoWorks LAN Management Solution versions 2.5, 2.6, 3.0 and 3.1
- Cisco Security Manager versions 3.0, 3.1 and 3.2
- Cisco TelePresence Readiness Assessment Manager version 1.0
- CiscoWorks Voice Manager versions 3.0 and 3.1
- CiscoWorks Health and Utilization Monitor versions 1.0 and 1.1
- Cisco Unified Operations Manager versions 1.0, 1.1, 2.0 and 2.1
- Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2 and 1.3
Cisco has published an update for CiscoWorks that fixes the vulnerability. As a workaround, administrators can disable the TFTP service; instructions are given in the original advisory.
- CiscoWorks TFTP Directory Traversal Vulnerability, a Cisco Security Advisory.