Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability
Informations
Name cisco-sa-20150401-dcnm First vendor Publication 2015-04-01
Vendor Cisco Last vendor Modification 2015-04-01
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Prime Data Center Network Manager (DCNM) contains a file information disclosure vulnerability that could allow an unauthenticated, remote attacker to retrieve arbitrary files from the underlying operating system.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm

BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVRtf5opI1I6i1Mx3AQJ3xA/9Gmn7orljFxgHN+AORvqz4xhgUGbF5R/H 8HLS41OlI+sEa15OTmqx6WL8D51594ug3iDwNq5bFEadmHZ4zLPdwKuZaKkXXtW0 e7pJDYnDO78PUwlSVz7RW+0q16qNN//5H31VEkGTrb8/FR9YuvmK6rUMql9s3Wxc 6e+vDMRIauTqK3CvC2Dp/IW2Xhzl+DXkTRwpjBiVwEm5V6K3CEQ4/oiV4cm/ZqB +l9XGKCnPZAH10HDkhdDwosvLiFI2cD7ra0zwiqGen8RKRSR/INjS/qwThnQzvsIo Wb1+GqsGdOKsnb+XEur6xk4i4sjf87HHXkC7MuBXN7vcjjvgPw5OoyHL1IlvZ1yS TKU1jcGUzryh7CvA0eJFjFpQUr9vdXDLRyjhXKhND9ef996Flgx1xLbOFbOQTfdM 8+JciMaxnKavJcGatHRj1h+IjGoeX05N+41knKp3fgmwdhaHzgQr7WfdKxno/JWh HlJPKuktr10FOopqKe/mEM344D7zazNBUWSKB+aYs3aM7uoat+wsyLk0RG4DYoBs Imjsl1dpinFnsISB0nebRlxErYdG5eMMJHoUCc5GxwCtwB4yyjuGpHKB86Ad6MSJ QriLWc0SYMxwd2TZcmvrkw2jrsMM51Mg83zkj29dfEcXLvXQrs8/E1OW+bMt0rKB JEiVHr4/6aA= =NAIi END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 28

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-04-09 IAVM : 2015-B-0043 - Cisco Data Center Network Manager (DCNM) Information Disclosure Vulnerability
Severity : Category I - VMSKEY : V0059853

Snort® IPS/IDS

Date Description
2014-02-08 (http_inspect)webrootdirectorytraversal
RuleID : 18 - Revision : 2 - Type :

Nessus® Vulnerability Scanner

Date Description
2015-04-13 Name : A network management system installed on the remote host is affected by a dir...
File : cisco_prime_dcnm_fmserver_dir_traversal.nasl - Type : ACT_ATTACK
2015-04-10 Name : A network management system installed on the remote host is affected by a dir...
File : cisco_prime_dcnm_7_1_1_local.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2015-10-18 17:22:08
  • Multiple Updates
2015-04-14 13:28:39
  • Multiple Updates
2015-04-11 13:28:36
  • Multiple Updates
2015-04-03 21:29:56
  • Multiple Updates
2015-04-01 21:25:36
  • First insertion