CVE-2012-5417

Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm	Vendor Advisory
http://www.securitytracker.com/id?1027712
http://www.securityfocus.com/bid/56348

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\(2c\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\(2b\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\(2\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\(3\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\(1b\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\(3u\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\(2\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\(3\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\(2\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\(2a\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\(2\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\(3\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\(1a\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\(1\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\(2e\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\(5\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\(1\):::::::*
	cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\(4\):::::::*

Information

Published : 2012-11-01 21:46

Updated : 2013-02-25 20:51

NVD link : CVE-2012-5417

Mitre link : CVE-2012-5417

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

cisco

prime_data_center_network_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm", "name": "20121031 Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securitytracker.com/id?1027712", "name": "1027712", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/56348", "name": "56348", "tags": [], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-5417", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-11-02T04:46Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2c\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2b\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1b\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(3u\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2a\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\\(1a\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\\(2e\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(5\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\\(4\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-02-26T04:51Z"}

10.0 /10