Executive Summary
Summary | |
---|---|
Title | Cisco Data Center Network Manager Privilege Escalation to Underlying Operating System Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20180905-cdcnm-escalation | First vendor Publication | 2018-09-05 |
Vendor | Cisco | Last vendor Modification | 2018-09-05 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 8 | Authentication | Requires single instance |
Detail
A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user input within an HTTP request. An attacker could exploit this vulnerability by authenticating to the application and then sending a crafted HTTP request to the targeted application. A successful exploit could allow the authenticated attacker to issue commands on the underlying operating system as the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cdcnm-escalation |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco Data Center Network Manager command injection attempt RuleID : 47715 - Revision : 1 - Type : SERVER-WEBAPP |
2020-12-05 | Cisco Data Center Network Manager command injection attempt RuleID : 47714 - Revision : 1 - Type : SERVER-WEBAPP |
2020-12-05 | Cisco Data Center Network Manager command injection attempt RuleID : 47713 - Revision : 1 - Type : SERVER-WEBAPP |
Alert History
Date | Information |
---|---|
2020-12-05 21:23:46 | |
2019-01-09 17:20:59 | |
2018-10-05 21:21:50 | |
2018-09-05 21:19:47 | |