This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2012-11-02
Product Prime Data Center Network Manager Last view 2015-04-03
Version 5.2(2e) Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:cisco:prime_data_center_network_manager

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2015-04-03 CVE-2015-0666

Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.

4.3 2014-07-29 CVE-2014-3329

Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620.

7.8 2013-09-23 CVE-2013-5490

Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.

7.8 2013-09-23 CVE-2013-5487

DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029.

10 2013-09-23 CVE-2013-5486

Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.

10 2012-11-02 CVE-2012-5417

Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924.

CWE : Common Weakness Enumeration

%idName
33% (2) CWE-200 Information Exposure
16% (1) CWE-264 Permissions, Privileges, and Access Controls
16% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
16% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
16% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0043 Cisco Data Center Network Manager (DCNM) Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0059853
2013-B-0107 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager (DCNM)
Severity: Category I - VMSKEY: V0040491

Snort® IPS/IDS

Date Description
2016-04-28 Cisco Prime Data Center Network Manager processImageSave.jsp directory traver...
RuleID : 38351 - Type : SERVER-WEBAPP - Revision : 2
2014-02-08 Cisco Prime Data Center Network Manager arbitrary file read attempt
RuleID : 29266 - Type : SERVER-OTHER - Revision : 2
2014-02-06 Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file uplo...
RuleID : 29142 - Type : SERVER-WEBAPP - Revision : 6
2014-02-06 Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file uplo...
RuleID : 29141 - Type : SERVER-WEBAPP - Revision : 6
2014-01-23 Cisco Prime Data Center Network Manager processImageSave.jsp directory traver...
RuleID : 29042 - Type : SERVER-WEBAPP - Revision : 6
2014-01-23 Cisco Prime Data Center Network Manager processImageSave.jsp directory traver...
RuleID : 29041 - Type : SERVER-WEBAPP - Revision : 6
2014-02-08 (http_inspect)webrootdirectorytraversal
RuleID : 18 - Type : - Revision : 2

Nessus® Vulnerability Scanner

id Description
2015-04-13 Name: A network management system installed on the remote host is affected by a dir...
File: cisco_prime_dcnm_fmserver_dir_traversal.nasl - Type: ACT_ATTACK
2015-04-10 Name: A network management system installed on the remote host is affected by a dir...
File: cisco_prime_dcnm_7_1_1_local.nasl - Type: ACT_GATHER_INFO
2014-09-15 Name: A network management system on the remote host is affected by a cross-site sc...
File: cisco-sn-CSCum86620-prime_dcnm.nasl - Type: ACT_GATHER_INFO
2014-09-15 Name: A network management system on the remote host is affected by a cross-site sc...
File: cisco-sn-CSCum86620-prime_dcnm_local.nasl - Type: ACT_GATHER_INFO
2013-09-27 Name: A network management system installed on the remote host is affected by multi...
File: cisco_prime_dcnm_6_2_1.nasl - Type: ACT_GATHER_INFO
2013-09-27 Name: A network management system installed on the remote host is affected by multi...
File: cisco_prime_dcnm_6_2_1_local.nasl - Type: ACT_GATHER_INFO
2013-07-11 Name: A network management system installed on the remote host is affected by a rem...
File: cisco_prime_dcnm_6_1_2.nasl - Type: ACT_GATHER_INFO
2013-07-11 Name: A network management system installed on the remote is affected by a remote c...
File: cisco_prime_dcnm_6_1_2_local.nasl - Type: ACT_GATHER_INFO