Detections
Analytics
Cisco Prime Data Center Network Manager < 7.1(1) Directory Traversal Vulnerability
high Nessus Plugin ID 82740
Language:
Synopsis
A network management system installed on the remote host is affected by a directory traversal vulnerability.Description
The version of Cisco Prime Data Center Network Manager (DCNM) installed on the remote host is affected by a directory traversal vulnerability in the fmserver servlet due to improper validation of user-supplied input. An unauthenticated, remote attacker, using a crafted file pathname, can read arbitrary files from the filesystem outside of a restricted path.Solution
Upgrade to Cisco Prime Data Center Network Manager 7.1(1) or later.See Also
https://www.zerodayinitiative.com/advisories/ZDI-15-111/
http://www.nessus.org/u?d7202716
https://tools.cisco.com/security/center/viewAlert.x?alertId=37810
Plugin Details
Severity: High
ID: 82740
File Name: cisco_prime_dcnm_fmserver_dir_traversal.nasl
Version: 1.13
Type: remote
Family: CISCO
Published: 4/13/2015
Updated: 4/25/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.1
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS Score Source: CVE-2015-0666
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:cisco:prime_data_center_network_manager
Required KB Items: installed_sw/cisco_dcnm_web
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/1/2015
Vulnerability Publication Date: 4/1/2015
CISA Known Exploited Vulnerability Due Dates: 4/15/2022
Reference Information
CVE: CVE-2015-0666
BID: 73479
CISCO-SA: cisco-sa-20150401-dcnm
CISCO-BUG-ID: CSCus00241