CVE-2003-0732

Exp

CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.

Published: 2003-10-20 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2003-0732 is rated High Exploit Risk (83.8/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 1.98%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +1.59% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2003-0732

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2003-0732

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.38% 1.98% +1.59%
2 2025-03-30 0.48% 0.38% -0.10%
3 2025-03-29 0.48%

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2003-0732

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
10.0 10.0 [email protected]

Weakness enumeration for CVE-2003-0732

Affected software / configurations for CVE-2003-0732

Vendor Product Version Raw CPE
cisco resource_manager 1.0 cpe:2.3:a:cisco:resource_manager:1.0:*:*:*:*:*:*:*
cisco resource_manager 1.1 cpe:2.3:a:cisco:resource_manager:1.1:*:*:*:*:*:*:*
cisco resource_manager_essentials 2.0 cpe:2.3:a:cisco:resource_manager_essentials:2.0:*:*:*:*:*:*:*
cisco resource_manager_essentials 2.1 cpe:2.3:a:cisco:resource_manager_essentials:2.1:*:*:*:*:*:*:*
cisco resource_manager_essentials 2.2 cpe:2.3:a:cisco:resource_manager_essentials:2.2:*:*:*:*:*:*:*
cisco ciscoworks_common_management_foundation 2.0 cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:*:*:*:*:*:*:*
cisco ciscoworks_common_management_foundation 2.1 cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*
cisco ciscoworks_cd1 1st cpe:2.3:o:cisco:ciscoworks_cd1:1st:*:*:*:*:*:*:*
cisco ciscoworks_cd1 2nd cpe:2.3:o:cisco:ciscoworks_cd1:2nd:*:*:*:*:*:*:*
cisco ciscoworks_cd1 3rd cpe:2.3:o:cisco:ciscoworks_cd1:3rd:*:*:*:*:*:*:*
cisco ciscoworks_cd1 4th cpe:2.3:o:cisco:ciscoworks_cd1:4th:*:*:*:*:*:*:*
cisco ciscoworks_cd1 5th cpe:2.3:o:cisco:ciscoworks_cd1:5th:*:*:*:*:*:*:*

References for CVE-2003-0732

cvelogic Threat Intelligence