[原文]CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter.
CiscoWorks contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker sends a specially crafted URL to the server. This flaw may lead to a loss of confidentiality, integrity and/or availability.
Currently, there are no known workarounds or upgrades to correct this issue. However, Cisco has released a patch to address this vulnerability.