{"api_version":"1","generated_at":"2026-04-23T10:17:57+00:00","cve":"CVE-2009-0615","urls":{"html":"https://cve.report/CVE-2009-0615","api":"https://cve.report/api/cve/CVE-2009-0615.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-0615","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-0615"},"summary":{"title":"CVE-2009-0615","description":"Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to \"invalid directory permissions.\"","state":"PUBLISHED","assigner":"cisco","published_at":"2009-02-26 16:17:20","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-22","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9","severity":"","vector":"AV:N/AC:L/Au:S/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc84.shtml","name":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc84.shtml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities - Cisco Systems","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1021770","name":"http://www.securitytracker.com/id?1021770","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cisco Application Networking Manager Incorrect Directory Permissions Let Remote Users View/Modify Files - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/33903","name":"http://www.securityfocus.com/bid/33903","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cisco Application Network Manager and Application Control Engine Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-0615","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0615","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"615","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"application_control_engine_device_manager","cpe6":"1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"615","vulnerable":"1","versionEndIncluding":"1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"application_control_engine_device_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"615","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"application_networking_manager","cpe6":"1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"615","vulnerable":"1","versionEndIncluding":"1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"application_networking_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T04:40:05.016Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"33903","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/33903"},{"name":"20090225 Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities","tags":["vendor-advisory","x_refsource_CISCO","x_transferred"],"url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc84.shtml"},{"name":"1021770","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1021770"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to \"invalid directory permissions.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2009-02-26T16:00:00.000Z","orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco"},"references":[{"name":"33903","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/33903"},{"name":"20090225 Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities","tags":["vendor-advisory","x_refsource_CISCO"],"url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc84.shtml"},{"name":"1021770","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1021770"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2009-0615","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to \"invalid directory permissions.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"33903","refsource":"BID","url":"http://www.securityfocus.com/bid/33903"},{"name":"20090225 Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities","refsource":"CISCO","url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc84.shtml"},{"name":"1021770","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1021770"}]}}}},"cveMetadata":{"assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","assignerShortName":"cisco","cveId":"CVE-2009-0615","datePublished":"2009-02-26T16:00:00.000Z","dateReserved":"2009-02-18T00:00:00.000Z","dateUpdated":"2024-09-16T22:31:24.097Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-02-26 16:17:20","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-22","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:application_control_engine_device_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"5D4DDB47-1E38-47B5-A77E-B967A0C11ADB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:application_control_engine_device_manager:1.1:*:*:*:*:*:*:*","matchCriteriaId":"9A02EE9C-8E93-409E-823A-08C8C9ADE002"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:application_networking_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"2E917E6B-F744-49D3-8516-132C8684F3D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:application_networking_manager:1.1:*:*:*:*:*:*:*","matchCriteriaId":"0E427057-56BC-4E7C-8DBA-0388A6C81C87"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"615","Ordinal":"1","Title":"CVE-2009-0615","CVE":"CVE-2009-0615","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"615","Ordinal":"1","NoteData":"Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to \"invalid directory permissions.\"","Type":"Description","Title":"CVE-2009-0615"},{"CveYear":"2009","CveId":"615","Ordinal":"2","NoteData":"2009-02-26","Type":"Other","Title":"Published"}]}}}