cvelistv5 - cve-2013-5490

CVE-2013-5490 (GCVE-0-2013-5490)

Vulnerability from cvelistv5 – Published: 2013-09-23 10:00 – Updated: 2024-08-06 17:15

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/62485	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:21.045Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
          },
          {
            "name": "cisco-dcnm-cve20135490-info-disc(87191)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
          },
          {
            "name": "62485",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62485"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
        },
        {
          "name": "cisco-dcnm-cve20135490-info-disc(87191)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
        },
        {
          "name": "62485",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62485"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5490",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
            },
            {
              "name": "cisco-dcnm-cve20135490-info-disc(87191)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
            },
            {
              "name": "62485",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62485"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5490",
    "datePublished": "2013-09-23T10:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:21.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.1\\\\(1b\\\\)\", \"matchCriteriaId\": \"FA694779-2C13-4B1E-B072-DD153AA26C5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\\\(2e\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"019F9B97-CE8B-4DE2-BACC-D1A68F4870B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\\\(1a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"293BB089-B320-49BA-9C25-421D540905DB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F0AE806-1C8D-4F11-A550-FF5754428A32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F81232DD-07EE-4D09-B65A-D7634E196511\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\\\(4\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8AE2E29-39D9-403A-9CAC-BED892F52479\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\\\(5\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA302085-58CB-474D-AAFE-6FD5599541A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C9A708D-8CF3-49A4-800C-D31799BCBB0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03143D6F-6C97-4D8C-AD56-D5EB62F931EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEDD6E2D-A8A3-4448-908B-3AD7C06A7E45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3C88480-385A-42DB-9D68-6F38AD4D2DB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E756CA24-C315-46F0-A94F-6A71C0AF7F53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69F43509-E1B7-4245-8D2D-89A9ACD8EEF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\\\(3u\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DED096A4-0D48-49AB-92D6-0A0608C6AEC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5A24647-F23B-4DEF-B63A-940DF910AD4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\\\(2a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDFB0875-6956-4AAE-9AB8-5759247C636E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\\\(2b\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61BFB7E8-82E4-4374-A7B9-CA10A606D304\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\\\(2c\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"265EB77A-11AE-4857-8D3C-B9039059E6FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\\\(2e\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"019F9B97-CE8B-4DE2-BACC-D1A68F4870B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\\\(1a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"293BB089-B320-49BA-9C25-421D540905DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\\\(1b\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09B17404-A841-4CDF-B4F7-016FD4AF5507\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.\"}, {\"lang\": \"es\", \"value\": \"Cisco Prime Data Center Network Manager (DCNM) anteriores a 6.2(1) permiten a atacantes remotos leer archivos de texto arbitrarios a trav\\u00e9s de una declaraci\\u00f3n de entidad externa XML en conjunci\\u00f3n con una referencia de entidad, relacionada con un problema XML External Entity (XXE), tambi\\u00e9n conocido como Bug ID CSCud80148.\"}]",
      "id": "CVE-2013-5490",
      "lastModified": "2024-11-21T01:57:34.620",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:N/A:N\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-09-23T10:18:59.190",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/62485\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/87191\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/62485\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/87191\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-5490\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2013-09-23T10:18:59.190\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.\"},{\"lang\":\"es\",\"value\":\"Cisco Prime Data Center Network Manager (DCNM) anteriores a 6.2(1) permiten a atacantes remotos leer archivos de texto arbitrarios a trav\u00e9s de una declaraci\u00f3n de entidad externa XML en conjunci\u00f3n con una referencia de entidad, relacionada con un problema XML External Entity (XXE), tambi\u00e9n conocido como Bug ID CSCud80148.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:N/A:N\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.1\\\\(1b\\\\)\",\"matchCriteriaId\":\"FA694779-2C13-4B1E-B072-DD153AA26C5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\\\(2e\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"019F9B97-CE8B-4DE2-BACC-D1A68F4870B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\\\(1a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"293BB089-B320-49BA-9C25-421D540905DB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F0AE806-1C8D-4F11-A550-FF5754428A32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F81232DD-07EE-4D09-B65A-D7634E196511\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8AE2E29-39D9-403A-9CAC-BED892F52479\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\\\(5\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA302085-58CB-474D-AAFE-6FD5599541A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C9A708D-8CF3-49A4-800C-D31799BCBB0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03143D6F-6C97-4D8C-AD56-D5EB62F931EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEDD6E2D-A8A3-4448-908B-3AD7C06A7E45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3C88480-385A-42DB-9D68-6F38AD4D2DB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E756CA24-C315-46F0-A94F-6A71C0AF7F53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69F43509-E1B7-4245-8D2D-89A9ACD8EEF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\\\(3u\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DED096A4-0D48-49AB-92D6-0A0608C6AEC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5A24647-F23B-4DEF-B63A-940DF910AD4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\\\(2a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDFB0875-6956-4AAE-9AB8-5759247C636E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\\\(2b\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61BFB7E8-82E4-4374-A7B9-CA10A606D304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\\\(2c\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"265EB77A-11AE-4857-8D3C-B9039059E6FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\\\(2e\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"019F9B97-CE8B-4DE2-BACC-D1A68F4870B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\\\(1a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"293BB089-B320-49BA-9C25-421D540905DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\\\(1b\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09B17404-A841-4CDF-B4F7-016FD4AF5507\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/62485\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/87191\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/62485\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/87191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2013-5490

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-5490

Aliases

CVE-2013-5490

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5490",
    "description": "Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.",
    "id": "GSD-2013-5490"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5490"
      ],
      "details": "Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.",
      "id": "GSD-2013-5490",
      "modified": "2023-12-13T01:22:22.165635Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2013-5490",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
          },
          {
            "name": "cisco-dcnm-cve20135490-info-disc(87191)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
          },
          {
            "name": "62485",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/62485"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1\\(1b\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2c\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(3u\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(4\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5490"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130918 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
            },
            {
              "name": "62485",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/62485"
            },
            {
              "name": "cisco-dcnm-cve20135490-info-disc(87191)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:33Z",
      "publishedDate": "2013-09-23T10:18Z"
    }
  }
}

VAR-201309-0430

Vulnerability from variot - Updated: 2023-12-18 12:58

Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148. In this case, XML External entity (XXE) Vulnerability related to the problem. An attacker can exploit this issue to gain access to arbitrary text files on the underlying operating system with root privileges. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCud80148. The manager provides multi-protocol management of the network and provides troubleshooting capabilities for switch health and performance

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201309-0430",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.2\\(2\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.1\\(3u\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.0\\(2\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.1\\(1\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.1\\(4\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.1\\(2\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2\\(3\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "5.0\\(3\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.2\\(1\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.1\\(5\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.2\\(2b\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1\\(3\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.2\\(2a\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(1b\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.2\\(2e\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1\\(2\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(1b\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1\\(1a\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.2\\(2c\\)"
      },
      {
        "model": "prime data center network manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "6.2(1)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004279"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5490"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-372"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1\\(1b\\)",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2c\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(3u\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(4\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2b\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2a\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(3\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5490"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ben Williams of NCC Group",
    "sources": [
      {
        "db": "BID",
        "id": "62485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-372"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-5490",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.8,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-5490",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-65492",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-5490",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201309-372",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65492",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65492"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004279"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5490"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-372"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148. In this case, XML External entity (XXE) Vulnerability related to the problem. \nAn attacker can exploit this issue to gain access to arbitrary text files on the underlying operating system with root privileges. Information obtained may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCud80148. The manager provides multi-protocol management of the network and provides troubleshooting capabilities for switch health and performance",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5490"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004279"
      },
      {
        "db": "BID",
        "id": "62485"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65492"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5490",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "62485",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004279",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-372",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20130918 MULTIPLE VULNERABILITIES IN CISCO PRIME DATA CENTER NETWORK MANAGER",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-65492",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65492"
      },
      {
        "db": "BID",
        "id": "62485"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004279"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5490"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-372"
      }
    ]
  },
  "id": "VAR-201309-0430",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65492"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:58:06.182000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "30682",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewambalert.x?alertid=30682"
      },
      {
        "title": "cisco-sa-20130918-dcnm",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130918-dcnm"
      },
      {
        "title": "30758",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30758"
      },
      {
        "title": "cisco-sa-20130918-dcnm",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/111/1119/1119892_cisco-sa-20130918-dcnm-j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004279"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65492"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004279"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5490"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130918-dcnm"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/62485"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5490"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5490"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps9369/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30758"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65492"
      },
      {
        "db": "BID",
        "id": "62485"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004279"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5490"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-372"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-65492"
      },
      {
        "db": "BID",
        "id": "62485"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004279"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5490"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-372"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65492"
      },
      {
        "date": "2013-09-18T00:00:00",
        "db": "BID",
        "id": "62485"
      },
      {
        "date": "2013-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004279"
      },
      {
        "date": "2013-09-23T10:18:59.190000",
        "db": "NVD",
        "id": "CVE-2013-5490"
      },
      {
        "date": "2013-09-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-372"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65492"
      },
      {
        "date": "2013-09-18T00:00:00",
        "db": "BID",
        "id": "62485"
      },
      {
        "date": "2013-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004279"
      },
      {
        "date": "2017-08-29T01:33:48.997000",
        "db": "NVD",
        "id": "CVE-2013-5490"
      },
      {
        "date": "2013-09-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-372"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-372"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Prime Data Center Network Manager Vulnerable to reading arbitrary text files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004279"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-372"
      }
    ],
    "trust": 0.6
  }
}

GHSA-MV9W-9F6P-3QW9

Vulnerability from github – Published: 2022-05-17 01:31 – Updated: 2022-05-17 01:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5490"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-09-23T10:18:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.",
  "id": "GHSA-mv9w-9f6p-3qw9",
  "modified": "2022-05-17T01:31:23Z",
  "published": "2022-05-17T01:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5490"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/62485"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2013-AVI-534

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Cisco Prime Data Center Network Manager. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Prime Data Center Network Manager (DCNM) version 4.2
Cisco	N/A	Cisco Prime Data Center Network Manager (DCNM) version 5.0
Cisco	N/A	Cisco Prime Data Center Network Manager (DCNM) version 5.1
Cisco	N/A	Cisco Prime Data Center Network Manager (DCNM) version 5.2
Cisco	N/A	Cisco Prime Data Center Network Manager (DCNM) version 6.1
Cisco	N/A	Cisco Prime Data Center Network Manager (DCNM) version 4.1

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20130918-dcnm du 18 septembre 2013	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20130918-dcnm du 18 septembre 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Prime Data Center Network Manager (DCNM) version 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Data Center Network Manager (DCNM) version 5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Data Center Network Manager (DCNM) version 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Data Center Network Manager (DCNM) version 5.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Data Center Network Manager (DCNM) version 6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Data Center Network Manager (DCNM) version 4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-5487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5487"
    },
    {
      "name": "CVE-2013-5486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5486"
    },
    {
      "name": "CVE-2013-5490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5490"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130918-dcnm du 18    septembre 2013",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
    }
  ],
  "reference": "CERTA-2013-AVI-534",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-09-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco Prime Data Center Network Manager\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Prime Data Center Network Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130918-dcnm du 18 septembre 2013",
      "url": null
    }
  ]
}

CERTA-2013-AVI-637

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Cisco Prime Data Center Network Manager. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco Prime DCNM versions antérieures à 6.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20130918-dcnm du 05 novembre 2013	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20130918-dcnm du 05 novembre 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCisco Prime DCNM versions ant\u00e9rieures \u00e0 6.2\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-5487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5487"
    },
    {
      "name": "CVE-2013-5486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5486"
    },
    {
      "name": "CVE-2013-5490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5490"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130918-dcnm du 05    novembre 2013",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
    }
  ],
  "reference": "CERTA-2013-AVI-637",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco Prime Data Center Network Manager\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Prime Data Center Network Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130918-dcnm du 05 novembre 2013",
      "url": null
    }
  ]
}

CERTA-2013-AVI-637

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Cisco Prime Data Center Network Manager. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco Prime DCNM versions antérieures à 6.2

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20130918-dcnm du 05 novembre 2013	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20130918-dcnm du 05 novembre 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCisco Prime DCNM versions ant\u00e9rieures \u00e0 6.2\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-5487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5487"
    },
    {
      "name": "CVE-2013-5486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5486"
    },
    {
      "name": "CVE-2013-5490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5490"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130918-dcnm du 05    novembre 2013",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
    }
  ],
  "reference": "CERTA-2013-AVI-637",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco Prime Data Center Network Manager\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Prime Data Center Network Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130918-dcnm du 05 novembre 2013",
      "url": null
    }
  ]
}

CERTA-2013-AVI-534

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Prime Data Center Network Manager (DCNM) version 4.2
Cisco	N/A	Cisco Prime Data Center Network Manager (DCNM) version 5.0
Cisco	N/A	Cisco Prime Data Center Network Manager (DCNM) version 5.1
Cisco	N/A	Cisco Prime Data Center Network Manager (DCNM) version 5.2
Cisco	N/A	Cisco Prime Data Center Network Manager (DCNM) version 6.1
Cisco	N/A	Cisco Prime Data Center Network Manager (DCNM) version 4.1

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20130918-dcnm du 18 septembre 2013	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20130918-dcnm du 18 septembre 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Prime Data Center Network Manager (DCNM) version 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Data Center Network Manager (DCNM) version 5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Data Center Network Manager (DCNM) version 5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Data Center Network Manager (DCNM) version 5.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Data Center Network Manager (DCNM) version 6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Data Center Network Manager (DCNM) version 4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-5487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5487"
    },
    {
      "name": "CVE-2013-5486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5486"
    },
    {
      "name": "CVE-2013-5490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5490"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130918-dcnm du 18    septembre 2013",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
    }
  ],
  "reference": "CERTA-2013-AVI-534",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-09-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco Prime Data Center Network Manager\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Prime Data Center Network Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130918-dcnm du 18 septembre 2013",
      "url": null
    }
  ]
}

FKIE_CVE-2013-5490

Vulnerability from fkie_nvd - Published: 2013-09-23 10:18 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/62485
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/87191
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62485
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/87191

Impacted products

Vendor	Product	Version
cisco	prime_data_center_network_manager	*
cisco	prime_data_center_network_manager	5.2\(2e\)
cisco	prime_data_center_network_manager	6.1\(1a\)
cisco	prime_data_center_network_manager	4.1\(2\)
cisco	prime_data_center_network_manager	4.1\(3\)
cisco	prime_data_center_network_manager	4.1\(4\)
cisco	prime_data_center_network_manager	4.1\(5\)
cisco	prime_data_center_network_manager	4.2\(1\)
cisco	prime_data_center_network_manager	4.2\(3\)
cisco	prime_data_center_network_manager	5.0\(2\)
cisco	prime_data_center_network_manager	5.0\(3\)
cisco	prime_data_center_network_manager	5.1\(1\)
cisco	prime_data_center_network_manager	5.1\(2\)
cisco	prime_data_center_network_manager	5.1\(3u\)
cisco	prime_data_center_network_manager	5.2\(2\)
cisco	prime_data_center_network_manager	5.2\(2a\)
cisco	prime_data_center_network_manager	5.2\(2b\)
cisco	prime_data_center_network_manager	5.2\(2c\)
cisco	prime_data_center_network_manager	5.2\(2e\)
cisco	prime_data_center_network_manager	6.1\(1a\)
cisco	prime_data_center_network_manager	6.1\(1b\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA694779-2C13-4B1E-B072-DD153AA26C5D",
              "versionEndIncluding": "6.1\\(1b\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "019F9B97-CE8B-4DE2-BACC-D1A68F4870B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "293BB089-B320-49BA-9C25-421D540905DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0AE806-1C8D-4F11-A550-FF5754428A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F81232DD-07EE-4D09-B65A-D7634E196511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D8AE2E29-39D9-403A-9CAC-BED892F52479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BA302085-58CB-474D-AAFE-6FD5599541A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9A708D-8CF3-49A4-800C-D31799BCBB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "03143D6F-6C97-4D8C-AD56-D5EB62F931EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EEDD6E2D-A8A3-4448-908B-3AD7C06A7E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F3C88480-385A-42DB-9D68-6F38AD4D2DB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E756CA24-C315-46F0-A94F-6A71C0AF7F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "69F43509-E1B7-4245-8D2D-89A9ACD8EEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(3u\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DED096A4-0D48-49AB-92D6-0A0608C6AEC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A24647-F23B-4DEF-B63A-940DF910AD4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DDFB0875-6956-4AAE-9AB8-5759247C636E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "61BFB7E8-82E4-4374-A7B9-CA10A606D304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "265EB77A-11AE-4857-8D3C-B9039059E6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "019F9B97-CE8B-4DE2-BACC-D1A68F4870B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "293BB089-B320-49BA-9C25-421D540905DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "09B17404-A841-4CDF-B4F7-016FD4AF5507",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148."
    },
    {
      "lang": "es",
      "value": "Cisco Prime Data Center Network Manager (DCNM) anteriores a 6.2(1) permiten a atacantes remotos leer archivos de texto arbitrarios a trav\u00e9s de una declaraci\u00f3n de entidad externa XML en conjunci\u00f3n con una referencia de entidad, relacionada con un problema XML External Entity (XXE), tambi\u00e9n conocido como Bug ID CSCud80148."
    }
  ],
  "id": "CVE-2013-5490",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-23T10:18:59.190",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/62485"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87191"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-5490 (GCVE-0-2013-5490)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature