Strix
26.1K

CVE-2009-1161

UnknownEPSS 12.55%

Last modified

CVE-2009-1161 is a vulnerability of currently unknown severity. Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.. EPSS estimates a 12.55% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

Metrics

EPSS Probability
12.55%

95.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoCiscoworks Common Services3.0.3
CiscoCiscoworks Common Services3.0.4
CiscoCiscoworks Common Services3.0.5
CiscoCiscoworks Common Services3.0.6
CiscoCiscoworks Common Services3.1
CiscoCiscoworks Common Services3.1.1
CiscoCiscoworks Common Services3.2
CiscoCiscoworks Health And Utilization Monitor1.0
CiscoCiscoworks Health And Utilization Monitor1.1
CiscoCiscoworks Lan Management Solution2.5
CiscoCiscoworks Lan Management Solution2.6
CiscoCiscoworks Lan Management Solution3.0
CiscoCiscoworks Lan Management Solution3.1
CiscoCiscoworks Qos Policy Manager4.0
CiscoCiscoworks Qos Policy Manager4.1
CiscoCiscoworks Voice Manager3.0
CiscoCiscoworks Voice Manager3.1
CiscoSecurity Manager3.0
CiscoSecurity Manager3.1
CiscoSecurity Manager3.2
CiscoTelepresence Readiness Assessment Manager1.0
CiscoUnified Operations Manager1.0
CiscoUnified Operations Manager1.1
CiscoUnified Operations Manager2.0
CiscoUnified Operations Manager2.1
CiscoUnified Provisioning Manager1.0
CiscoUnified Provisioning Manager1.1
CiscoUnified Provisioning Manager1.2
CiscoUnified Provisioning Manager1.3
CiscoUnified Service Monitor1.0
CiscoUnified Service Monitor1.1
CiscoUnified Service Monitor2.0
CiscoUnified Service Monitor2.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-1161?
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.
How severe is CVE-2009-1161?
Severity scoring for CVE-2009-1161 is pending analysis. The EPSS model estimates a 12.55% probability of exploitation in the next 30 days.
How do I fix CVE-2009-1161?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-1161?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST