Description
Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions."
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33903
Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc84.shtml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021770
Scores
EPSS
0.0204
EPSS Percentile
78.7%
Details
CWE
CWE-22
Status
published
Products (4)
cisco/application_control_engine_device_manager
1.1
cisco/application_control_engine_device_manager
< 1.2
cisco/application_networking_manager
1.1
cisco/application_networking_manager
< 1.2
Published
Feb 26, 2009
Tracked Since
Feb 18, 2026