Executive Summary
Summary | |
---|---|
Title | Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20150401-dcnm | First vendor Publication | 2015-04-01 |
Vendor | Cisco | Last vendor Modification | 2015-04-01 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco Prime Data Center Network Manager (DCNM) contains a file information disclosure vulnerability that could allow an unauthenticated, remote attacker to retrieve arbitrary files from the underlying operating system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS) iQIVAwUBVRtf5opI1I6i1Mx3AQJ3xA/9Gmn7orljFxgHN+AORvqz4xhgUGbF5R/H 8HLS41OlI+sEa15OTmqx6WL8D51594ug3iDwNq5bFEadmHZ4zLPdwKuZaKkXXtW0 e7pJDYnDO78PUwlSVz7RW+0q16qNN//5H31VEkGTrb8/FR9YuvmK6rUMql9s3Wxc 6e+vDMRIauTqK3CvC2Dp/IW2Xhzl+DXkTRwpjBiVwEm5V6K3CEQ4/oiV4cm/ZqB +l9XGKCnPZAH10HDkhdDwosvLiFI2cD7ra0zwiqGen8RKRSR/INjS/qwThnQzvsIo Wb1+GqsGdOKsnb+XEur6xk4i4sjf87HHXkC7MuBXN7vcjjvgPw5OoyHL1IlvZ1yS TKU1jcGUzryh7CvA0eJFjFpQUr9vdXDLRyjhXKhND9ef996Flgx1xLbOFbOQTfdM 8+JciMaxnKavJcGatHRj1h+IjGoeX05N+41knKp3fgmwdhaHzgQr7WfdKxno/JWh HlJPKuktr10FOopqKe/mEM344D7zazNBUWSKB+aYs3aM7uoat+wsyLk0RG4DYoBs Imjsl1dpinFnsISB0nebRlxErYdG5eMMJHoUCc5GxwCtwB4yyjuGpHKB86Ad6MSJ QriLWc0SYMxwd2TZcmvrkw2jrsMM51Mg83zkj29dfEcXLvXQrs8/E1OW+bMt0rKB JEiVHr4/6aA= =NAIi END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-04-09 | IAVM : 2015-B-0043 - Cisco Data Center Network Manager (DCNM) Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0059853 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-02-08 | (http_inspect)webrootdirectorytraversal RuleID : 18 - Revision : 2 - Type : |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-04-13 | Name : A network management system installed on the remote host is affected by a dir... File : cisco_prime_dcnm_fmserver_dir_traversal.nasl - Type : ACT_ATTACK |
2015-04-10 | Name : A network management system installed on the remote host is affected by a dir... File : cisco_prime_dcnm_7_1_1_local.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-10-18 17:22:08 |
|
2015-04-14 13:28:39 |
|
2015-04-11 13:28:36 |
|
2015-04-03 21:29:56 |
|
2015-04-01 21:25:36 |
|