CVE-2013-5486

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2013-5486
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm Vendor Advisory
http://www.exploit-db.com/exploits/30008 Exploit Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:5.0\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:4.2\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\(5\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\(2e\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\(2c\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\(2b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\(2a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\(1b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\(3u\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\(1a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:5.1\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:4.1\(4\):*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:cisco:prime_data_center_network_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:6.1\(1a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_data_center_network_manager:5.2\(2e\):*:*:*:*:*:*:*
Information

Published : 2013-09-23 03:18

Updated : 2016-09-16 13:47

NVD link : CVE-2013-5486

Mitre link : CVE-2013-5486

JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa
Products Affected

cisco

  • prime_data_center_network_manager