[Original text] The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface.
*** Cisco has announced that their previously released update does not fully resolve this issue. This vulnerability will be fixed in versions of WebNS expected to be released in December 2002 or January 2003.
WebNS contains a flaw that may allow a malicious user to gain access to administrative privileges. The issue is triggered when an attacker navigates directly to the web management URL instead of navigating through the interface. It is possible that the flaw may allow administrative control of the device, resulting in a loss of confidentiality, integrity, and/or availability.
Upgrade to version 6.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.