Executive Summary

Summary
TitleCisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities
Informations
Namecisco-sa-20090225-anmFirst vendor Publication2009-01-07
VendorCiscoLast vendor Modification2009-02-25
Severity (Vendor) N/ARevision1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities exist in the Cisco Application Networking Manager (ANM) and Cisco Application Control Engine (ACE) Device Manager applications. These vulnerabilities are independent of each other. Successful exploitation of these vulnerabilities may result in unauthorized system or host operating system access.

This security advisory identifies the following vulnerabilities:

* ACE Device Manager and ANM invalid directory permissions vulnerability
* ANM default user credentials vulnerability
* ANM MySQL default credentials vulnerability
* ANM Java agent privilege escalation

Cisco has released free software updates that address these vulnerabilities. A workaround that mitigates one of the issues is available.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7 (...)

CWE : Common Weakness Enumeration

idName
CWE-255Credentials Management
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2
Application3

OpenVAS Exploits

DateDescription
2009-06-05Name : Ubuntu USN-723-1 (git-core)
File : nvt/ubuntu_723_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
52379Cisco ANM Java Agent Unspecified Remote Privilege Escalation
52378Cisco ANM MySQL root Account Default Password
52377Cisco ANM Installation Default User Credentials
52376Cisco ACE Device Manager Multiple Unspecified Traversals

Information Assurance Vulnerability Management (IAVM)

DateDescription
2009-03-05IAVM : 2009-T-0016 - Multiple Vulnerabilities in Cisco ACE Device Manager and Cisco Application Ne...
Severity : Category II - VMSKEY : V0018515

Nessus® Vulnerability Scanner

DateDescription
2013-09-16Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20090225-anm.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-02-17 10:21:55
  • Multiple Updates
2013-11-11 12:37:28
  • Multiple Updates
2013-05-11 00:42:33
  • Multiple Updates