ID

VAR-200210-0132


CVE

CVE-2002-0908


TITLE

Cisco IDS Device Manager Arbitrary File Read Access Vulnerability

Trust: 0.9

sources: BID: 4760 // CNNVD: CNNVD-200210-172

DESCRIPTION

Directory traversal vulnerability in the web server for Cisco IDS Device Manager before 3.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTPS request. IDS Device Manager is distributed and maintained by Cisco Systems. It may allow a remote user to gain access to sensitive information on the system. Because user-supplied input is handled improperly, a user can gain access to arbitrary files on the system using an elementary directory traversal attack. By placing a request to the process with an appended dot-dot-slash (../) sequence pointing to a file, a remote user may read the specified file on the affected system. Since there is no effective security check on the data entered by the user, an attacker who submits strings containing multiple "../" sequences for directory traversal can view the content of any file on the target system with the authority of IDS Device Manager. The result is leakage of sensitive system information.

Trust: 1.26

sources: NVD: CVE-2002-0908 // BID: 4760 // VULHUB: VHN-5298

AFFECTED PRODUCTS

vendor: cisco // model: ids device manager // scope: eq // version: 3.1.1

Trust: 1.9

sources: BID: 4760 // CNNVD: CNNVD-200210-172 // NVD: CVE-2002-0908

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0908
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200210-172
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5298
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-0908
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5298
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5298 // CNNVD: CNNVD-200210-172 // NVD: CVE-2002-0908

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0908

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200210-172

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200210-172

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-5298

EXTERNAL IDS

db: NVD // id: CVE-2002-0908

Trust: 2.0

db: BID // id: 4760

Trust: 2.0

db: CNNVD // id: CNNVD-200210-172

Trust: 0.7

db: XF // id: 9174

Trust: 0.6

db: BUGTRAQ // id: 20020524 CISCO IDS DEVICE MANAGER 3.1.1 ADVISORY

Trust: 0.6

db: EXPLOIT-DB // id: 21456

Trust: 0.1

db: VULHUB // id: VHN-5298

Trust: 0.1

sources: VULHUB: VHN-5298 // BID: 4760 // CNNVD: CNNVD-200210-172 // NVD: CVE-2002-0908

REFERENCES

url:http://www.securityfocus.com/bid/4760

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2002-05/0214.html

Trust: 1.7

url:http://www.iss.net/security_center/static/9174.php

Trust: 1.7

sources: VULHUB: VHN-5298 // CNNVD: CNNVD-200210-172 // NVD: CVE-2002-0908

CREDITS

Discovered by Andrew Lopacki <Andrew.Lopacki@amsouth.com>.

Trust: 0.3

sources: BID: 4760

SOURCES

db: VULHUB // id: VHN-5298
db: BID // id: 4760
db: CNNVD // id: CNNVD-200210-172
db: NVD // id: CVE-2002-0908

LAST UPDATE DATE

2025-04-03T22:14:12.006000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-5298 // date: 2008-09-05T00:00:00
db: BID // id: 4760 // date: 2009-07-11T12:46:00
db: CNNVD // id: CNNVD-200210-172 // date: 2005-10-20T00:00:00
db: NVD // id: CVE-2002-0908 // date: 2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db: VULHUB // id: VHN-5298 // date: 2002-10-04T00:00:00
db: BID // id: 4760 // date: 2002-05-17T00:00:00
db: CNNVD // id: CNNVD-200210-172 // date: 2002-05-17T00:00:00
db: NVD // id: CVE-2002-0908 // date: 2002-10-04T04:00:00