Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco Prime Data Center Network Manager |
Informations | |||
---|---|---|---|
Name | cisco-sa-20130918-dcnm | First vendor Publication | 2013-09-18 |
Vendor | Cisco | Last vendor Modification | 2013-09-18 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco Prime Data Center Network Manager (DCNM) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to disclose file components, and access text files on an affected device. Various components of Cisco Prime DCNM are affected. These vulnerabilities can be exploited independently on the same device; however, a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco Prime DCNM is affected by the following vulnerabilities: Cisco Prime DCNM Information Disclosure Vulnerability Cisco Prime DCNM Remote Command Execution Vulnerabilities Cisco Prime DCNM XML External Entity Injection Vulnerability Cisco has released free software updates that address these vulnerabilities. There are currently no workarounds that mitigate these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.20 (Darwin) iF4EAREKAAYFAlI5sEcACgkQUddfH3/BbTo9DQD+Mm2vPADrFs+6ZKRVdtyRmfKl 1dAoJ31/KIf8LdIJZ3AA/RMCA/I9eXnVEWNdnAn4mB01WxekgqqPP0l8pCwLONAs =HT2Y END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-200 | Information Exposure |
33 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2013-12-03 | Cisco Prime Data Center Network Manager Arbitrary File Upload |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-09-26 | IAVM : 2013-B-0107 - Multiple Vulnerabilities in Cisco Prime Data Center Network Manager (DCNM) Severity : Category I - VMSKEY : V0040491 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-04-28 | Cisco Prime Data Center Network Manager processImageSave.jsp directory traver... RuleID : 38351 - Revision : 2 - Type : SERVER-WEBAPP |
2014-02-08 | Cisco Prime Data Center Network Manager arbitrary file read attempt RuleID : 29266 - Revision : 2 - Type : SERVER-OTHER |
2014-02-06 | Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file uplo... RuleID : 29142 - Revision : 6 - Type : SERVER-WEBAPP |
2014-02-06 | Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file uplo... RuleID : 29141 - Revision : 6 - Type : SERVER-WEBAPP |
2014-01-23 | Cisco Prime Data Center Network Manager processImageSave.jsp directory traver... RuleID : 29042 - Revision : 6 - Type : SERVER-WEBAPP |
2014-01-23 | Cisco Prime Data Center Network Manager processImageSave.jsp directory traver... RuleID : 29041 - Revision : 6 - Type : SERVER-WEBAPP |
Metasploit Database
id | Description |
---|---|
2013-09-18 | Cisco Prime Data Center Network Manager Arbitrary File Upload |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-09-27 | Name : A network management system installed on the remote host is affected by multi... File : cisco_prime_dcnm_6_2_1.nasl - Type : ACT_GATHER_INFO |
2013-09-27 | Name : A network management system installed on the remote host is affected by multi... File : cisco_prime_dcnm_6_2_1_local.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-05-23 13:16:43 |
|
2014-02-17 10:22:11 |
|
2014-02-06 21:20:37 |
|
2014-01-23 21:20:29 |
|
2014-01-03 17:19:01 |
|
2013-12-04 17:18:38 |
|
2013-11-11 12:37:33 |
|
2013-09-24 00:23:15 |
|
2013-09-18 21:20:36 |
|