CNVD-2017-09959

Vulnerability from cnvd - Published: 2017-06-18
VLAI Severity ?
Title
Cisco Prime Data Center Network Manager远程代码执行漏洞
Description
Cisco Prime Data Center Network Manager是网络管理应用,可帮助您有效执行和管理虚拟化数据中心。 Cisco Prime Data Center Network Manager (DCNM)的角色访问控制(RBAC)功能存在安全漏洞,远程攻击者可利用漏洞访问敏感信息或以root权限执行任意代码。
Severity
Patch Name
Cisco Prime Data Center Network Manager远程代码执行漏洞的补丁
Patch Description
Cisco Prime Data Center Network Manager是网络管理应用,可帮助您有效执行和管理虚拟化数据中心。 Cisco Prime Data Center Network Manager (DCNM)的角色访问控制(RBAC)功能存在安全漏洞,远程攻击者可利用漏洞访问敏感信息或以root权限执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

Cisco已经为此发布了一个安全公告(cisco-sa-20170607-dcnm1)以及相应补丁: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1

Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1 http://www.securityfocus.com/bid/98935
Impacted products
Name
['Cisco Prime Data Center Network Manager 10.1(1)', 'Cisco Prime Data Center Network Manager 10.1(2)', 'Cisco MDS 9500 Series Multilayer Directors 10.1(2)', 'Cisco MDS 9500 Series Multilayer Directors 10.1(1)ST(1)', 'Cisco MDS 9500 Series Multilayer Directors 10.1(1)S5']
Show details on source website
To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "98935"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6639"
    }
  },
  "description": "Cisco Prime Data Center Network Manager\u662f\u7f51\u7edc\u7ba1\u7406\u5e94\u7528\uff0c\u53ef\u5e2e\u52a9\u60a8\u6709\u6548\u6267\u884c\u548c\u7ba1\u7406\u865a\u62df\u5316\u6570\u636e\u4e2d\u5fc3\u3002\r\n\r\nCisco Prime Data Center Network Manager (DCNM)\u7684\u89d2\u8272\u8bbf\u95ee\u63a7\u5236(RBAC)\u529f\u80fd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u6216\u4ee5root\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Antonius Mulder of Commonwealth Bank of Australia.",
  "formalWay": "Cisco\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08cisco-sa-20170607-dcnm1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-09959",
  "openTime": "2017-06-18",
  "patchDescription": "Cisco Prime Data Center Network Manager\u662f\u7f51\u7edc\u7ba1\u7406\u5e94\u7528\uff0c\u53ef\u5e2e\u52a9\u60a8\u6709\u6548\u6267\u884c\u548c\u7ba1\u7406\u865a\u62df\u5316\u6570\u636e\u4e2d\u5fc3\u3002\r\n\r\nCisco Prime Data Center Network Manager (DCNM)\u7684\u89d2\u8272\u8bbf\u95ee\u63a7\u5236(RBAC)\u529f\u80fd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u6216\u4ee5root\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Prime Data Center Network Manager\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Prime Data Center Network Manager 10.1(1)",
      "Cisco Prime Data Center Network Manager 10.1(2)",
      "Cisco MDS 9500 Series Multilayer Directors 10.1(2)",
      "Cisco MDS 9500 Series Multilayer Directors 10.1(1)ST(1)",
      "Cisco MDS 9500 Series Multilayer Directors 10.1(1)S5"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1\r\nhttp://www.securityfocus.com/bid/98935",
  "serverity": "\u9ad8",
  "submitTime": "2017-06-09",
  "title": "Cisco Prime Data Center Network Manager\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.