What is CVE-2011-0966?

CVE-2011-0966 is a vulnerability in Cisco Ciscoworks_common_services, classified under Path Traversal. Published 2011-05-20.

Is CVE-2011-0966 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Cisco Ciscoworks_common_services

CVE-2011-0966

Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.348 (97.1th percentile) — read the EPSS interpretation.

Affected products

Cisco Ciscoworks_common_services — versions 1.0, 2.2, 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

psirt@cisco.com (URL Repurposed, Exploit, x_refsource_MISC)
20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006 (mailing-list, Exploit, x_refsource_FULLDISC)
17304 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cisco-uom-auditlog-directory-traversal(67525) (vdb-entry, x_refsource_XF)
psirt@cisco.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2011-0966?: CVE-2011-0966 is a vulnerability in Cisco Ciscoworks_common_services, classified under Path Traversal. Published 2011-05-20.
Is CVE-2011-0966 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.