Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2013-09-23 10:18

Modified

2024-11-21 01:57

Severity ?

Summary

Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm	Vendor Advisory
ykramarz@cisco.com	http://www.securityfocus.com/bid/62485
ykramarz@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/87191
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62485
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/87191

Impacted products

Vendor	Product	Version
cisco	prime_data_center_network_manager	*
cisco	prime_data_center_network_manager	5.2\(2e\)
cisco	prime_data_center_network_manager	6.1\(1a\)
cisco	prime_data_center_network_manager	4.1\(2\)
cisco	prime_data_center_network_manager	4.1\(3\)
cisco	prime_data_center_network_manager	4.1\(4\)
cisco	prime_data_center_network_manager	4.1\(5\)
cisco	prime_data_center_network_manager	4.2\(1\)
cisco	prime_data_center_network_manager	4.2\(3\)
cisco	prime_data_center_network_manager	5.0\(2\)
cisco	prime_data_center_network_manager	5.0\(3\)
cisco	prime_data_center_network_manager	5.1\(1\)
cisco	prime_data_center_network_manager	5.1\(2\)
cisco	prime_data_center_network_manager	5.1\(3u\)
cisco	prime_data_center_network_manager	5.2\(2\)
cisco	prime_data_center_network_manager	5.2\(2a\)
cisco	prime_data_center_network_manager	5.2\(2b\)
cisco	prime_data_center_network_manager	5.2\(2c\)
cisco	prime_data_center_network_manager	5.2\(2e\)
cisco	prime_data_center_network_manager	6.1\(1a\)
cisco	prime_data_center_network_manager	6.1\(1b\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA694779-2C13-4B1E-B072-DD153AA26C5D",
              "versionEndIncluding": "6.1\\(1b\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "019F9B97-CE8B-4DE2-BACC-D1A68F4870B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "293BB089-B320-49BA-9C25-421D540905DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AE806-1C8D-4F11-A550-FF5754428A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F81232DD-07EE-4D09-B65A-D7634E196511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D8AE2E29-39D9-403A-9CAC-BED892F52479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BA302085-58CB-474D-AAFE-6FD5599541A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9A708D-8CF3-49A4-800C-D31799BCBB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "03143D6F-6C97-4D8C-AD56-D5EB62F931EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EEDD6E2D-A8A3-4448-908B-3AD7C06A7E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F3C88480-385A-42DB-9D68-6F38AD4D2DB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E756CA24-C315-46F0-A94F-6A71C0AF7F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "69F43509-E1B7-4245-8D2D-89A9ACD8EEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(3u\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DED096A4-0D48-49AB-92D6-0A0608C6AEC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A24647-F23B-4DEF-B63A-940DF910AD4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFB0875-6956-4AAE-9AB8-5759247C636E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "61BFB7E8-82E4-4374-A7B9-CA10A606D304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "265EB77A-11AE-4857-8D3C-B9039059E6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "019F9B97-CE8B-4DE2-BACC-D1A68F4870B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "293BB089-B320-49BA-9C25-421D540905DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "09B17404-A841-4CDF-B4F7-016FD4AF5507",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148."
    },
    {
      "lang": "es",
      "value": "Cisco Prime Data Center Network Manager (DCNM) anteriores a 6.2(1) permiten a atacantes remotos leer archivos de texto arbitrarios a trav\u00e9s de una declaraci\u00f3n de entidad externa XML en conjunci\u00f3n con una referencia de entidad, relacionada con un problema XML External Entity (XXE), tambi\u00e9n conocido como Bug ID CSCud80148."
    }
  ],
  "id": "CVE-2013-5490",
  "lastModified": "2024-11-21T01:57:34.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-23T10:18:59.190",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/62485"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-06-08 13:29

Modified

2024-11-21 03:30

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/98935	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1038626
ykramarz@cisco.com	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesb3p03762en_us
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98935	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038626
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesb3p03762en_us
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	prime_data_center_network_manager	10.1\(1\)
cisco	prime_data_center_network_manager	10.1\(2\)
cisco	prime_data_center_network_manager	10.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:10.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BAAD8F8D-B121-449E-A6A5-B74D9A7FDA9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:10.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "94D2F2CD-795C-4E34-B0E3-CE3D3205FFD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B3100A1-737E-4DF3-9EE2-9B492DC5AD5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad role-based access control (RBAC) de Prime Data Center Network Manager (DCNM) de Cisco, podr\u00eda permitir a un atacante remoto no identificado acceder a informaci\u00f3n confidencial o ejecutar c\u00f3digo arbitrario con privilegios root en un sistema afectado. La vulnerabilidad es debido a la falta de mecanismos de identificaci\u00f3n y autorizaci\u00f3n para una herramienta de depuraci\u00f3n que se habilit\u00f3 inadvertidamente en el software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la conexi\u00f3n remota a la herramienta de depuraci\u00f3n por medio de TCP. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante acceder a informaci\u00f3n confidencial sobre el software afectado o ejecutar c\u00f3digo arbitrario con privilegios root en el sistema afectado. Esta vulnerabilidad afecta al Programa Prime Data Center Network Manager (DCNM) de Cisco versiones 10.1(1) y 10.1(2) para plataformas de Microsoft Windows, Linux y Virtual Appliance. ID de bug de Cisco: CSCvd09961."
    }
  ],
  "id": "CVE-2017-6639",
  "lastModified": "2024-11-21T03:30:11.633",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-08T13:29:00.453",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98935"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1038626"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesb3p03762en_us"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesb3p03762en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-05-02 22:29

Modified

2024-11-21 03:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/104074	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload	Vendor Advisory
ykramarz@cisco.com	https://www.tenable.com/security/research/tra-2018-11	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104074	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/research/tra-2018-11	Third Party Advisory

Impacted products

Vendor	Product	Version
cisco	prime_data_center_network_manager	10.0\(1\)
cisco	prime_data_center_network_manager	10.2\(1\)
cisco	prime_infrastructure	3.3\(0.0\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:10.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "613EEBAC-F9A0-4BB9-91B1-B6B854786490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:10.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "998B6DB7-8D4F-4322-B665-CE0D0EC561F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.3\\(0.0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A67FAFC9-7F4B-4CB5-AF27-74E20DD21B2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el servlet Cisco Prime File Upload que afecta a m\u00faltiples productos Cisco podr\u00eda permitir que un atacante remoto suba archivos arbitrarios a cualquier directorio de un dispositivo vulnerable (tambi\u00e9n conocido como salto de directorio) y los ejecute. Esta vulnerabilidad afecta a los siguientes productos: Cisco Prime Data Center Network Manager (DCNM) en su versi\u00f3n 10.0 y siguientes y Cisco Prime Infrastructure (PI) en todas las versiones. Cisco Bug IDs: CSCvf32411, CSCvf81727."
    }
  ],
  "id": "CVE-2018-0258",
  "lastModified": "2024-11-21T03:37:49.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-02T22:29:00.793",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104074"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2018-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2018-11"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        },
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-11-02 04:46

Modified

2024-11-21 01:44

Severity ?

Summary

Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924.

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm	Vendor Advisory
ykramarz@cisco.com	http://www.securityfocus.com/bid/56348
ykramarz@cisco.com	http://www.securitytracker.com/id?1027712
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/56348
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027712

Impacted products

Vendor	Product	Version
cisco	prime_data_center_network_manager	4.1\(2\)
cisco	prime_data_center_network_manager	4.1\(3\)
cisco	prime_data_center_network_manager	4.1\(4\)
cisco	prime_data_center_network_manager	4.1\(5\)
cisco	prime_data_center_network_manager	4.2\(1\)
cisco	prime_data_center_network_manager	4.2\(3\)
cisco	prime_data_center_network_manager	5.0\(2\)
cisco	prime_data_center_network_manager	5.0\(3\)
cisco	prime_data_center_network_manager	5.1\(1\)
cisco	prime_data_center_network_manager	5.1\(2\)
cisco	prime_data_center_network_manager	5.1\(3u\)
cisco	prime_data_center_network_manager	5.2\(2\)
cisco	prime_data_center_network_manager	5.2\(2a\)
cisco	prime_data_center_network_manager	5.2\(2b\)
cisco	prime_data_center_network_manager	5.2\(2c\)
cisco	prime_data_center_network_manager	5.2\(2e\)
cisco	prime_data_center_network_manager	6.1\(1a\)
cisco	prime_data_center_network_manager	6.1\(1b\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AE806-1C8D-4F11-A550-FF5754428A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F81232DD-07EE-4D09-B65A-D7634E196511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D8AE2E29-39D9-403A-9CAC-BED892F52479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BA302085-58CB-474D-AAFE-6FD5599541A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9A708D-8CF3-49A4-800C-D31799BCBB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "03143D6F-6C97-4D8C-AD56-D5EB62F931EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EEDD6E2D-A8A3-4448-908B-3AD7C06A7E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F3C88480-385A-42DB-9D68-6F38AD4D2DB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E756CA24-C315-46F0-A94F-6A71C0AF7F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "69F43509-E1B7-4245-8D2D-89A9ACD8EEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(3u\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DED096A4-0D48-49AB-92D6-0A0608C6AEC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A24647-F23B-4DEF-B63A-940DF910AD4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFB0875-6956-4AAE-9AB8-5759247C636E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "61BFB7E8-82E4-4374-A7B9-CA10A606D304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "265EB77A-11AE-4857-8D3C-B9039059E6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "019F9B97-CE8B-4DE2-BACC-D1A68F4870B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "293BB089-B320-49BA-9C25-421D540905DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "09B17404-A841-4CDF-B4F7-016FD4AF5507",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924."
    },
    {
      "lang": "es",
      "value": "Cisco Prime Data Center Network Manager (DCNM) antes de v6.1(1) no restrige correctamente el acceso a ciertas funcionalidades de JBoss MainDeployer, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de servicios JBoss Application Server Remote Method Invocation (RMI), tambi\u00e9n conocido como Bug ID CSCtz44924."
    }
  ],
  "id": "CVE-2012-5417",
  "lastModified": "2024-11-21T01:44:40.393",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-02T04:46:09.310",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/56348"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id?1027712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/56348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027712"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-06-08 13:29

Modified

2024-11-21 03:30

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/98937	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1038625
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98937	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038625
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	prime_data_center_network_manager	10.1\(1\)
cisco	prime_data_center_network_manager	10.1\(2\)
cisco	prime_data_center_network_manager	10.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:10.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BAAD8F8D-B121-449E-A6A5-B74D9A7FDA9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:10.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "94D2F2CD-795C-4E34-B0E3-CE3D3205FFD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B3100A1-737E-4DF3-9EE2-9B492DC5AD5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el programa Prime Data Center Network Manager (DCNM) de Cisco podr\u00eda permitir a un atacante remoto no identificado iniciar sesi\u00f3n en la consola administrativa de un servidor DCNM usando una cuenta que tenga una contrase\u00f1a est\u00e1tica por defecto. La cuenta podr\u00eda tener privilegios de nivel root o system. La vulnerabilidad se presenta porque el programa afectado tiene una cuenta de usuario predeterminada que presenta una contrase\u00f1a est\u00e1tica por defecto. La cuenta de usuario es creada autom\u00e1ticamente cuando se instala el programa. Un atacante podr\u00eda explotar esta vulnerabilidad al conectarse remotamente a un sistema afectado e iniciar sesi\u00f3n en el programa  afectado usando las credenciales para esta cuenta de usuario predeterminada. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante usar esta cuenta de usuario predeterminada iniciar sesi\u00f3n en el programa afectado y conseguir acceso a la consola administrativa de un servidor DCNM. Esta vulnerabilidad afecta al Programa Prime Data Center Network Manager (DCNM) de Cisco versiones anteriores a 10.2(1) para las plataformas Microsoft Windows, Linux y Virtual Appliance. IDs de Bug de Cisco: CSCvd95346."
    }
  ],
  "id": "CVE-2017-6640",
  "lastModified": "2024-11-21T03:30:11.793",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-08T13:29:00.483",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98937"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1038625"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-10-05 16:29

Modified

2024-11-21 03:38

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/105159	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1041585	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal	Vendor Advisory
ykramarz@cisco.com	https://www.tenable.com/security/research/tra-2018-20	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105159	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041585	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/research/tra-2018-20	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
cisco	prime_data_center_network_manager	6.3\(1\)
cisco	prime_data_center_network_manager	6.3\(2\)
cisco	prime_data_center_network_manager	7.0\(1\)
cisco	prime_data_center_network_manager	7.0\(2\)
cisco	prime_data_center_network_manager	7.1\(1\)
cisco	prime_data_center_network_manager	10.0
cisco	prime_data_center_network_manager	10.1
cisco	prime_data_center_network_manager	10.2
cisco	prime_data_center_network_manager	10.3\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3918F70A-ECDC-4DC2-B8B1-9520D71FB869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.3\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "37ADE3EF-35D8-4F7C-8119-7D541A0E68B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:7.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1D80A701-8682-4F87-98ED-43ED91870D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:7.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D15F3687-2F75-4CF9-B368-25826BFC0E5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:7.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F7259F87-D43C-4DD9-9F57-C395830A14BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD185618-D23B-44EA-BD57-7AAC12BDE529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64BBDE0-E36A-4ECD-A769-A4FAD9D59D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B36B844-5DF1-4B35-B111-B8A1A8FA3930",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:10.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "88F5ADFB-26D4-4D8E-81EB-DC72F8EA8C13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el software Cisco Data Center Network Manager podr\u00eda permitir a un atacante remoto autenticado llevar a cabo ataques de salto de directorio y obtener acceso a archivos sensibles en el sistema objetivo. La vulnerabilidad se debe a la validaci\u00f3n incorrecta de las peticiones de usuario en la interfaz de gesti\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad enviando peticiones maliciosas que contengan secuencias de caracteres de salto de directorio en la interfaz de gesti\u00f3n. Su explotaci\u00f3n podr\u00eda permitir que un atacante visualice o cree archivos arbitrarios en el sistema objetivo."
    }
  ],
  "id": "CVE-2018-0464",
  "lastModified": "2024-11-21T03:38:17.203",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-05T16:29:00.440",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105159"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041585"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2018-20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2018-20"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-09-23 10:18

Modified

2024-11-21 01:57

Severity ?

Summary

DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029.

References

▼	URL	Tags
	ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	prime_data_center_network_manager	*
cisco	prime_data_center_network_manager	5.2\(2e\)
cisco	prime_data_center_network_manager	6.1\(1a\)
cisco	prime_data_center_network_manager	4.1\(2\)
cisco	prime_data_center_network_manager	4.1\(3\)
cisco	prime_data_center_network_manager	4.1\(4\)
cisco	prime_data_center_network_manager	4.1\(5\)
cisco	prime_data_center_network_manager	4.2\(1\)
cisco	prime_data_center_network_manager	4.2\(3\)
cisco	prime_data_center_network_manager	5.0\(2\)
cisco	prime_data_center_network_manager	5.0\(3\)
cisco	prime_data_center_network_manager	5.1\(1\)
cisco	prime_data_center_network_manager	5.1\(2\)
cisco	prime_data_center_network_manager	5.1\(3u\)
cisco	prime_data_center_network_manager	5.2\(2\)
cisco	prime_data_center_network_manager	5.2\(2a\)
cisco	prime_data_center_network_manager	5.2\(2b\)
cisco	prime_data_center_network_manager	5.2\(2c\)
cisco	prime_data_center_network_manager	5.2\(2e\)
cisco	prime_data_center_network_manager	6.1\(1a\)
cisco	prime_data_center_network_manager	6.1\(1b\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA694779-2C13-4B1E-B072-DD153AA26C5D",
              "versionEndIncluding": "6.1\\(1b\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "019F9B97-CE8B-4DE2-BACC-D1A68F4870B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "293BB089-B320-49BA-9C25-421D540905DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AE806-1C8D-4F11-A550-FF5754428A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F81232DD-07EE-4D09-B65A-D7634E196511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D8AE2E29-39D9-403A-9CAC-BED892F52479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BA302085-58CB-474D-AAFE-6FD5599541A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9A708D-8CF3-49A4-800C-D31799BCBB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "03143D6F-6C97-4D8C-AD56-D5EB62F931EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EEDD6E2D-A8A3-4448-908B-3AD7C06A7E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F3C88480-385A-42DB-9D68-6F38AD4D2DB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E756CA24-C315-46F0-A94F-6A71C0AF7F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "69F43509-E1B7-4245-8D2D-89A9ACD8EEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(3u\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DED096A4-0D48-49AB-92D6-0A0608C6AEC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A24647-F23B-4DEF-B63A-940DF910AD4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFB0875-6956-4AAE-9AB8-5759247C636E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "61BFB7E8-82E4-4374-A7B9-CA10A606D304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "265EB77A-11AE-4857-8D3C-B9039059E6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "019F9B97-CE8B-4DE2-BACC-D1A68F4870B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "293BB089-B320-49BA-9C25-421D540905DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "09B17404-A841-4CDF-B4F7-016FD4AF5507",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029."
    },
    {
      "lang": "es",
      "value": "DCNM-SAN Server en Cisco Prime Data Center Network Manager (DCNM) anteriores a 6.2(1) permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCue77029."
    }
  ],
  "id": "CVE-2013-5487",
  "lastModified": "2024-11-21T01:57:34.253",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-23T10:18:59.173",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-03-08 07:29

Modified

2024-11-21 03:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg81051.

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/103327	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1040469	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-pdcnm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103327	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040469	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-pdcnm	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	prime_data_center_network_manager	10.4\(1.109\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:10.4\\(1.109\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "24371C42-5A0A-46D0-921D-97CAA2FE90C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg81051."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web de Cisco Prime Data Center Network Manager podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz en un dispositivo afectado. La vulnerabilidad se debe a la validaci\u00f3n insuficiente de entrada de datos de parte del usuario en la interfaz de gesti\u00f3n web de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad haciendo que un usuario de la interfaz haga clic en un enlace manipulado. Un exploit con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo script arbitrario en el contexto de la interfaz o que pueda acceder a informaci\u00f3n sensible del navegador. Cisco Bug IDs: CSCvg81051."
    }
  ],
  "id": "CVE-2018-0144",
  "lastModified": "2024-11-21T03:37:36.217",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-08T07:29:00.330",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103327"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040469"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-pdcnm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-pdcnm"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-07-29 20:55

Modified

2024-11-21 02:07

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620.

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3329	Vendor Advisory
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=35065	Vendor Advisory
ykramarz@cisco.com	http://www.securityfocus.com/bid/68926	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1030652	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/94889
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3329	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=35065	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/68926	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030652	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/94889

Impacted products

Vendor	Product	Version
cisco	prime_data_center_network_manager	*
cisco	prime_data_center_network_manager	6.1
cisco	prime_data_center_network_manager	6.1\(1\)
cisco	prime_data_center_network_manager	6.2\(1\)
cisco	prime_data_center_network_manager	6.2\(3\)
cisco	prime_data_center_network_manager	6.2\(5\)
cisco	prime_data_center_network_manager	6.2\(5a\)
cisco	prime_data_center_network_manager	6.3\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E56F80B-E6CE-4999-B29D-DCBB6D3FBDFF",
              "versionEndIncluding": "6.3\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26903875-4FED-42EC-8720-03699915E574",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FAEA482A-0A6C-4668-9F4C-24D71BD1FFE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "69FBB163-04DE-44FB-9903-8C8AE092B6B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A17E1B76-333E-49B3-8157-BCE8228606D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.2\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E95554E9-4E48-4C30-A600-2AD658F436A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.2\\(5a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6C7F8A72-9018-4F28-B5D8-247940C5CF64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3918F70A-ECDC-4DC2-B8B1-9520D71FB869",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en el componente del servidor web en Cisco Prime Data Center Network Manager (DCNM) 6.3(2) y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug ID CSCum86620."
    }
  ],
  "id": "CVE-2014-3329",
  "lastModified": "2024-11-21T02:07:52.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-29T20:55:08.520",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3329"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35065"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/68926"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030652"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/68926"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94889"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-04-29 21:55

Modified

2024-11-21 01:49

Severity ?

Summary

The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.

References

▼	URL	Tags
	ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	application_networking_manager	-
cisco	context_directory_agent	-
cisco	identity_services_engine_software	-
cisco	network_services_manager	-
cisco	prime_collaboration	-
cisco	prime_data_center_network_manager	-
cisco	prime_lan_management_solution	-
cisco	prime_network_control_system	-
cisco	quad	-
cisco	secure_access_control_system	-
cisco	unified_provisioning_manager	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:application_networking_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BC24E6-3295-4D09-AC77-F9B4DA0811BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:context_directory_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9167B80B-DBD4-4B26-9BBB-98C9F246ED91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AE172B5-15D4-400D-BF3F-A2177C02331A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_collaboration:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D132E7DF-3B63-4A2A-AE65-C5F90CCF3878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27D5E074-F68B-4BE3-8405-6F2ACB5BB9FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E09BFF1-6273-4BC4-9DFA-563F490E2754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_network_control_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7377B5F-AA6C-4042-BEB9-E7450059C99B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:quad:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C75C3800-0ADB-4B41-B4B0-1B9C923ADEEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "716A2EC7-4A03-4BB9-B787-6DD285E25056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C175AC04-44FB-4FC5-B8A6-046A50C9B75C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125."
    },
    {
      "lang": "es",
      "value": "La interfaz de l\u00ednea de comandos en el sistema Cisco Secure Access Control (ACS), Servicios de Identidad del motor de software, Agente de Directorio Contexto, Gerente de Redes de Aplicaciones (ANM), Sistema de Control de Red Prime, LAN Management Solution Prime (LMS), Prime Collaboration, Provisioning Manager Unificado , Network Services Manager, el primer Data Center Network Manager (DCNM) y Quad no validan correctamente la entrada, lo que permite a usuarios locales obtener privilegios de root a trav\u00e9s de vectores no especificados. Vulnerabilidad tambi\u00e9n conocida como Bug ID CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416 , CSCug29418, CSCug29422, CSCug29425 y CSCug29426. Se trata de una cuesti\u00f3n diferente que CVE-2013-1125."
    }
  ],
  "id": "CVE-2013-1196",
  "lastModified": "2024-11-21T01:49:05.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-29T21:55:37.203",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-04-03 10:59

Modified

2024-12-19 19:12

Severity ?

Summary

Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm	Vendor Advisory
ykramarz@cisco.com	http://www.securitytracker.com/id/1032009	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032009	Broken Link

Impacted products

Vendor	Product	Version
cisco	prime_data_center_network_manager	*
cisco	prime_data_center_network_manager	6.3\(1\)
cisco	prime_data_center_network_manager	6.3\(2\)
cisco	prime_data_center_network_manager	7.0\(1\)

JSON

To clipboard

{
  "cisaActionDue": "2022-04-15",
  "cisaExploitAdd": "2022-03-25",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB2EE71-CB83-440B-8AFF-52E71B97F136",
              "versionEndIncluding": "7.0\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3918F70A-ECDC-4DC2-B8B1-9520D71FB869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.3\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "37ADE3EF-35D8-4F7C-8119-7D541A0E68B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:7.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1D80A701-8682-4F87-98ED-43ED91870D08",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en el servlet fmserver en Cisco Prime Data Center Network Manager (DCNM) anterior a 7.1(1) permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de un nombre de ruta manipulado, tambi\u00e9n conocido como Bug ID CSCus00241."
    }
  ],
  "id": "CVE-2015-0666",
  "lastModified": "2024-12-19T19:12:51.923",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-04-03T10:59:04.290",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1032009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1032009"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-09-23 10:18

Modified

2024-11-21 01:57

Severity ?

Summary

Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm	Vendor Advisory
ykramarz@cisco.com	http://www.exploit-db.com/exploits/30008	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/30008	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
cisco	prime_data_center_network_manager	4.1\(2\)
cisco	prime_data_center_network_manager	4.1\(3\)
cisco	prime_data_center_network_manager	4.1\(4\)
cisco	prime_data_center_network_manager	4.1\(5\)
cisco	prime_data_center_network_manager	4.2\(1\)
cisco	prime_data_center_network_manager	4.2\(3\)
cisco	prime_data_center_network_manager	5.0\(2\)
cisco	prime_data_center_network_manager	5.0\(3\)
cisco	prime_data_center_network_manager	5.1\(1\)
cisco	prime_data_center_network_manager	5.1\(2\)
cisco	prime_data_center_network_manager	5.1\(3u\)
cisco	prime_data_center_network_manager	5.2\(2\)
cisco	prime_data_center_network_manager	5.2\(2a\)
cisco	prime_data_center_network_manager	5.2\(2b\)
cisco	prime_data_center_network_manager	5.2\(2c\)
cisco	prime_data_center_network_manager	5.2\(2e\)
cisco	prime_data_center_network_manager	6.1\(1a\)
cisco	prime_data_center_network_manager	6.1\(1b\)
cisco	prime_data_center_network_manager	*
cisco	prime_data_center_network_manager	5.2\(2e\)
cisco	prime_data_center_network_manager	6.1\(1a\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AE806-1C8D-4F11-A550-FF5754428A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F81232DD-07EE-4D09-B65A-D7634E196511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D8AE2E29-39D9-403A-9CAC-BED892F52479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BA302085-58CB-474D-AAFE-6FD5599541A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9A708D-8CF3-49A4-800C-D31799BCBB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "03143D6F-6C97-4D8C-AD56-D5EB62F931EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EEDD6E2D-A8A3-4448-908B-3AD7C06A7E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F3C88480-385A-42DB-9D68-6F38AD4D2DB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E756CA24-C315-46F0-A94F-6A71C0AF7F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "69F43509-E1B7-4245-8D2D-89A9ACD8EEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(3u\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DED096A4-0D48-49AB-92D6-0A0608C6AEC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A24647-F23B-4DEF-B63A-940DF910AD4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFB0875-6956-4AAE-9AB8-5759247C636E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "61BFB7E8-82E4-4374-A7B9-CA10A606D304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "265EB77A-11AE-4857-8D3C-B9039059E6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "019F9B97-CE8B-4DE2-BACC-D1A68F4870B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "293BB089-B320-49BA-9C25-421D540905DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "09B17404-A841-4CDF-B4F7-016FD4AF5507",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA694779-2C13-4B1E-B072-DD153AA26C5D",
              "versionEndIncluding": "6.1\\(1b\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "019F9B97-CE8B-4DE2-BACC-D1A68F4870B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "293BB089-B320-49BA-9C25-421D540905DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036.  NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en processImageSave.jsp en DCNM-SAN Server en Cisco Prime Data Center Network Manager (DCNM) en versiones anteriores a 6.2(1) permite a atacantes remotos escribir archivos arbitrarios a trav\u00e9s del par\u00e1metro chartid, vulnerabilidad tambi\u00e9n conocida como Bug IDs CSCue77035 y CSCue77036. NOTA: \u00c9sto puede ser aprovechado para ejecutar comandos arbitrarios usando la funcionalidad de despliegue autom\u00e1tico JBoss."
    }
  ],
  "id": "CVE-2013-5486",
  "lastModified": "2024-11-21T01:57:34.113",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-23T10:18:59.157",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/30008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/30008"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2017-6639

Vulnerability from cvelistv5

Published

2017-06-08 13:00

Modified

2024-08-05 15:33

Severity ?

Summary

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1038626	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/98935	vdb-entry, x_refsource_BID
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesb3p03762en_us	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability

Version: Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:33:20.460Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038626",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038626"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1"
          },
          {
            "name": "98935",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98935"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesb3p03762en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability"
            }
          ]
        }
      ],
      "datePublic": "2017-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-16",
              "description": "CWE-16",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-12T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1038626",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038626"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1"
        },
        {
          "name": "98935",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98935"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesb3p03762en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6639",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-16"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038626",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038626"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1"
            },
            {
              "name": "98935",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98935"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesb3p03762en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesb3p03762en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6639",
    "datePublished": "2017-06-08T13:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:33:20.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3329

Vulnerability from cvelistv5

Published

2014-07-29 20:00

Modified

2024-08-06 10:43

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620.

References

▼	URL	Tags
	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3329	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id/1030652	vdb-entry, x_refsource_SECTRACK
	http://tools.cisco.com/security/center/viewAlert.x?alertId=35065	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/94889	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/68926	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:43:05.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140728 Cisco Prime Data Center Network Manager Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3329"
          },
          {
            "name": "1030652",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030652"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35065"
          },
          {
            "name": "cisco-prime-cve20143329-xss(94889)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94889"
          },
          {
            "name": "68926",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68926"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20140728 Cisco Prime Data Center Network Manager Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3329"
        },
        {
          "name": "1030652",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030652"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35065"
        },
        {
          "name": "cisco-prime-cve20143329-xss(94889)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94889"
        },
        {
          "name": "68926",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68926"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3329",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140728 Cisco Prime Data Center Network Manager Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3329"
            },
            {
              "name": "1030652",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030652"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35065",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35065"
            },
            {
              "name": "cisco-prime-cve20143329-xss(94889)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94889"
            },
            {
              "name": "68926",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68926"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3329",
    "datePublished": "2014-07-29T20:00:00",
    "dateReserved": "2014-05-07T00:00:00",
    "dateUpdated": "2024-08-06T10:43:05.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5490

Vulnerability from cvelistv5

Published

2013-09-23 10:00

Modified

2024-08-06 17:15

Severity ?

Summary

Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.

References

▼	URL	Tags
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm	vendor-advisory, x_refsource_CISCO
	https://exchange.xforce.ibmcloud.com/vulnerabilities/87191	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/62485	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:21.045Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
          },
          {
            "name": "cisco-dcnm-cve20135490-info-disc(87191)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
          },
          {
            "name": "62485",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62485"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
        },
        {
          "name": "cisco-dcnm-cve20135490-info-disc(87191)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
        },
        {
          "name": "62485",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62485"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5490",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
            },
            {
              "name": "cisco-dcnm-cve20135490-info-disc(87191)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
            },
            {
              "name": "62485",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62485"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5490",
    "datePublished": "2013-09-23T10:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:21.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-6640

Vulnerability from cvelistv5

Published

2017-06-08 13:00

Modified

2024-08-05 15:33

Severity ?

Summary

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1038625	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/98937	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

n/a

Cisco Prime Data Center Network Manager Server Static Credential Vulnerability

Version: Cisco Prime Data Center Network Manager Server Static Credential Vulnerability

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:33:20.445Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038625",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038625"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2"
          },
          {
            "name": "98937",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98937"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Prime Data Center Network Manager Server Static Credential Vulnerability",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Prime Data Center Network Manager Server Static Credential Vulnerability"
            }
          ]
        }
      ],
      "datePublic": "2017-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "CWE-264",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1038625",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038625"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2"
        },
        {
          "name": "98937",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98937"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6640",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Prime Data Center Network Manager Server Static Credential Vulnerability",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Prime Data Center Network Manager Server Static Credential Vulnerability"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038625",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038625"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2"
            },
            {
              "name": "98937",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98937"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6640",
    "datePublished": "2017-06-08T13:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:33:20.445Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0258

Vulnerability from cvelistv5

Published

2018-05-02 22:00

Modified

2024-11-29 15:12

Severity ?

Summary

A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/104074	vdb-entry, x_refsource_BID
	https://www.tenable.com/security/research/tra-2018-11	x_refsource_MISC
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Cisco Prime File Upload Servlet

Version: Cisco Prime File Upload Servlet

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104074",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104074"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2018-11"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0258",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:46:11.025728Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:12:26.274Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Prime File Upload Servlet",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Prime File Upload Servlet"
            }
          ]
        }
      ],
      "datePublic": "2018-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-05T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "104074",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104074"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2018-11"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0258",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Prime File Upload Servlet",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Prime File Upload Servlet"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104074",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104074"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2018-11",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2018-11"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0258",
    "datePublished": "2018-05-02T22:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:12:26.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0144

Vulnerability from cvelistv5

Published

2018-03-08 07:00

Modified

2024-12-02 20:59

Severity ?

Summary

A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg81051.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/103327	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1040469	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-pdcnm	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Cisco Prime Data Center Network Manager

Version: Cisco Prime Data Center Network Manager

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:14:16.848Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103327",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103327"
          },
          {
            "name": "1040469",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040469"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-pdcnm"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0144",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T18:55:00.286384Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T20:59:36.349Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Prime Data Center Network Manager",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Prime Data Center Network Manager"
            }
          ]
        }
      ],
      "datePublic": "2018-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg81051."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-09T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "103327",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103327"
        },
        {
          "name": "1040469",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040469"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-pdcnm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0144",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Prime Data Center Network Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Prime Data Center Network Manager"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg81051."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103327",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103327"
            },
            {
              "name": "1040469",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040469"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-pdcnm",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-pdcnm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0144",
    "datePublished": "2018-03-08T07:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-12-02T20:59:36.349Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5487

Vulnerability from cvelistv5

Published

2013-09-23 10:00

Modified

2024-09-16 18:03

Severity ?

Summary

DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029.

References

▼	URL	Tags
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.299Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-23T10:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5487",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5487",
    "datePublished": "2013-09-23T10:00:00Z",
    "dateReserved": "2013-08-22T00:00:00Z",
    "dateUpdated": "2024-09-16T18:03:08.213Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1196

Vulnerability from cvelistv5

Published

2013-04-29 21:00

Modified

2024-09-16 18:43

Severity ?

Summary

The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.

References

▼	URL	Tags
	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:57:02.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130412 Multiple Cisco Products root Privileges Command Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-04-29T21:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130412 Multiple Cisco Products root Privileges Command Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1196",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130412 Multiple Cisco Products root Privileges Command Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1196",
    "datePublished": "2013-04-29T21:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-16T18:43:32.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-5417

Vulnerability from cvelistv5

Published

2012-11-02 01:00

Modified

2024-08-06 21:05

Severity ?

Summary

Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/56348	vdb-entry, x_refsource_BID
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id?1027712	vdb-entry, x_refsource_SECTRACK

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "56348",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56348"
          },
          {
            "name": "20121031 Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm"
          },
          {
            "name": "1027712",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027712"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-11-20T10:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "56348",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56348"
        },
        {
          "name": "20121031 Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm"
        },
        {
          "name": "1027712",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027712"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2012-5417",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "56348",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/56348"
            },
            {
              "name": "20121031 Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm"
            },
            {
              "name": "1027712",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027712"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2012-5417",
    "datePublished": "2012-11-02T01:00:00",
    "dateReserved": "2012-10-17T00:00:00",
    "dateUpdated": "2024-08-06T21:05:47.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0666

Vulnerability from cvelistv5

Published

2015-04-03 10:00

Modified

2024-11-15 18:02

Severity ?

Summary

Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1032009	vdb-entry, x_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm	vendor-advisory, x_refsource_CISCO

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:32.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032009",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032009"
          },
          {
            "name": "20150401 Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2015-0666",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T17:39:47.392997Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-0666"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T18:02:42.175Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-04-08T17:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1032009",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032009"
        },
        {
          "name": "20150401 Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0666",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032009",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032009"
            },
            {
              "name": "20150401 Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-0666",
    "datePublished": "2015-04-03T10:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-11-15T18:02:42.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5486

Vulnerability from cvelistv5

Published

2013-09-23 10:00

Modified

2024-08-06 17:15

Severity ?

Summary

Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.

References

▼	URL	Tags
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm	vendor-advisory, x_refsource_CISCO
	http://www.exploit-db.com/exploits/30008	exploit, x_refsource_EXPLOIT-DB

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
          },
          {
            "name": "30008",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/30008"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036.  NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-16T01:57:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
        },
        {
          "name": "30008",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/30008"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5486",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036.  NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
            },
            {
              "name": "30008",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/30008"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5486",
    "datePublished": "2013-09-23T10:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0464

Vulnerability from cvelistv5

Published

2018-10-05 16:00

Modified

2024-11-26 14:26

Severity ?

Summary

A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id/1041585	vdb-entry, x_refsource_SECTRACK
	https://www.tenable.com/security/research/tra-2018-20	x_refsource_MISC
	http://www.securityfocus.com/bid/105159	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

Cisco

Cisco Data Center Network Manager

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:10.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20180828 Cisco Data Center Network Manager Path Traversal Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal"
          },
          {
            "name": "1041585",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041585"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2018-20"
          },
          {
            "name": "105159",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105159"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0464",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:50:40.803693Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:26:18.428Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Data Center Network Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-08-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-07T09:57:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20180828 Cisco Data Center Network Manager Path Traversal Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal"
        },
        {
          "name": "1041585",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041585"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2018-20"
        },
        {
          "name": "105159",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105159"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20180828-dcnm-traversal",
        "defect": [
          [
            "CSCvj86072"
          ]
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Cisco Data Center Network Manager Path Traversal Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-08-28T21:00:00-0500",
          "ID": "CVE-2018-0464",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Data Center Network Manager Path Traversal Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Data Center Network Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "8.1",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180828 Cisco Data Center Network Manager Path Traversal Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal"
            },
            {
              "name": "1041585",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041585"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2018-20",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2018-20"
            },
            {
              "name": "105159",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105159"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20180828-dcnm-traversal",
          "defect": [
            [
              "CSCvj86072"
            ]
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0464",
    "datePublished": "2018-10-05T16:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-26T14:26:18.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

All the vulnerabilites related to cisco - prime_data_center_network_manager

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5