Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title CDS Internet Streamer: Web Server Directory Traversal Vulnerability
Informations
Name cisco-sa-20100721-spcdn First vendor Publication 2010-06-02
Vendor Cisco Last vendor Modification 2010-07-21
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside of the web server document directory, by using a specially crafted URL.

An unauthenticated attacker may be able to exploit this issue to access sensitive information, including the password files and system logs, which could be leveraged to launch subsequent attacks.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 11

Open Source Vulnerability Database (OSVDB)

Id Description
66508 Cisco Content Delivery System Internet Streamer Unspecified Traversal Arbitra...