Executive Summary

Title Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
Name cisco-sa-20121031-dcnm First vendor Publication 2012-10-31
Vendor Cisco Last vendor Modification 2013-05-08
Severity (Vendor) N/A Revision 2.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Cisco Prime Data Center Network Manager (DCNM) contains a remote command execution vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application.

Cisco has released free software updates that address this vulnerability.

This advisory is available at the following link:


Note: After this advisory was initially published, it was found that in addition to the DCNM SAN server component that is part of the DCNM solution, the DCNM LAN server is also affected by the same vulnerability. This advisory has been updated to revision 2.0 to indicate that the DCNM LAN server component is also vulnerable, to provide the Cisco bug ID that tracks the vulnerability in the DCNM LAN server component, and to update fixed software information.

BEGIN PGP SIGNATURE Version: GnuPG v1.4.12 (GNU/Linux)

iF4EAREIAAYFAlGKc/0ACgkQUddfH3/BbTr51AD/e7nVceiqF36VT7LQ5YmcjMax RMkX04N8wsdOgdZRyXkA+gMSU94ERrtaerlOHWlBBnhmFnLNcXYyCuS9Suobtcvc =eECl END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Application 18

Nessus® Vulnerability Scanner

Date Description
2013-07-11 Name : A network management system installed on the remote host is affected by a rem...
File : cisco_prime_dcnm_6_1_2.nasl - Type : ACT_GATHER_INFO
2013-07-11 Name : A network management system installed on the remote is affected by a remote c...
File : cisco_prime_dcnm_6_1_2_local.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2014-02-17 10:22:06
  • Multiple Updates
2013-05-08 21:20:29
  • Multiple Updates
2013-05-08 21:18:38
  • Multiple Updates
2013-02-06 19:08:02
  • Multiple Updates