CERTA-2002-AVI-111
Vulnerability from certfr_avis

Un individu mal intentionné peut obtenir un accès en lecture sur les fichiers de la sonde.

Description

Une vulnérabilité a été découverte dans le serveur web utilisé par CISCO IDS Device Manager 3.1.1 pour la gestion des sondes IDS de CISCO. En utilisant une URL malicieusement formée, un individu mal intentionné peut obtenir l'accès en lecture à certains fichiers situés sur la sonde.

Solution

Contacter CISCO afin d'obtenir le correctif.

CISCO IDS Device Manager 3.1.1.

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCISCO IDS Device Manager 3.1.1.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le serveur web utilis\u00e9 par CISCO\nIDS Device Manager 3.1.1 pour la gestion des sondes IDS de CISCO. En\nutilisant une URL malicieusement form\u00e9e, un individu mal intentionn\u00e9\npeut obtenir l\u0027acc\u00e8s en lecture \u00e0 certains fichiers situ\u00e9s sur la sonde.\n\n## Solution\n\nContacter CISCO afin d\u0027obtenir le correctif.\n",
  "cves": [],
  "initial_release_date": "2002-05-27T00:00:00",
  "last_revision_date": "2002-05-27T00:00:00",
  "links": [],
  "reference": "CERTA-2002-AVI-111",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Acc\u00e8s \u00e0 des donn\u00e9es non autoris\u00e9es"
    }
  ],
  "summary": "Un individu mal intentionn\u00e9 peut obtenir un acc\u00e8s en lecture sur les\nfichiers de la sonde.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans CISCO IDS Device Manager 3.1.1",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SecurityTracker",
      "url": "http://www.securitytracker.com/alerts/2002/May/1004370.html"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.