CVE-2009-0615

2009-02-2616:17:20

CWE-22

cisco

web.nvd.nist.gov

cve

2009

0615

directory traversal

cisco

application networking manager

anm

application control engine

ace

device manager

remote authenticated users

arbitrary files

invalid directory permissions

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

61.5%

JSON

Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to “invalid directory permissions.”

Affected configurations

Nvd

Node

ciscoapplication_control_engine_device_managerRange≤1.2

ciscoapplication_control_engine_device_managerMatch1.1

ciscoapplication_networking_managerRange≤1.2

ciscoapplication_networking_managerMatch1.1

VendorProductVersionCPE
ciscoapplication_control_engine_device_manager*cpe:2.3:a:cisco:application_control_engine_device_manager:*:*:*:*:*:*:*:*
ciscoapplication_control_engine_device_manager1.1cpe:2.3:a:cisco:application_control_engine_device_manager:1.1:*:*:*:*:*:*:*
ciscoapplication_networking_manager*cpe:2.3:a:cisco:application_networking_manager:*:*:*:*:*:*:*:*
ciscoapplication_networking_manager1.1cpe:2.3:a:cisco:application_networking_manager:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	application_control_engine_device_manager	*	cpe:2.3:a:cisco:application_control_engine_device_manager::::::::
cisco	application_control_engine_device_manager	1.1	cpe:2.3:a:cisco:application_control_engine_device_manager:1.1:::::::*
cisco	application_networking_manager	*	cpe:2.3:a:cisco:application_networking_manager::::::::
cisco	application_networking_manager	1.1	cpe:2.3:a:cisco:application_networking_manager:1.1:::::::*