Vulnslist

find the latest Cisco vulnerabilities

CDS Internet Streamer: Web Server Directory Traversal Vulnerability

cisco-sa-20100721-spcdn · High · Published · Updated

The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside of the web server document directory, by using a specially crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information, including the password files and system logs, which could be leveraged to launch subsequent attacks. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100721-spcdn.

Cisco advisory ·CSAF JSON

Workarounds

No workaround information imported yet.

CVEsCVE-2010-1577
Cisco Bug IDsNA
CVSS ScoreBase 7.8
Base 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND
Product Names From Source
Cisco Internet Streamer Content Delivery System (CDS-IS), Cisco Internet Streamer Content Delivery System (CDS)

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2010-1577 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2010-1577 Cisco OpenVuln
Cisco Catalyst PON Series Switches CVE-2010-1577 Cisco OpenVuln
Cisco Application Centric Infrastructure Virtual Edge CVE-2010-1577 Cisco OpenVuln
Cisco Internet Streamer Content Delivery System (CDS-IS) CVE-2010-1577 Cisco OpenVuln
Cisco Internet Streamer Content Delivery System (CDS) CVE-2010-1577 Cisco OpenVuln