SecurityTracker.com
Category:   Application (Generic)  >   Cisco Data Center Network Manager
Vendors:   Cisco
Cisco Prime Data Center Network Manager Directory Traversal Bug Lets Remote Users Obtain Arbitrary Files
SecurityTracker Alert ID:  1032009
SecurityTracker URL:  http://securitytracker.com/id/1032009
CVE Reference:   CVE-2015-0666
Date:  Apr 1 2015
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6.3(1) and later, prior to 7.1(1)
Description:   A vulnerability was reported in Cisco Prime Data Center Network Manager. A remote user can obtain files on the target system.

A remote user can supply a specially crafted request to exploit a directory traversal flaw in the fmserver servlet of Cisco Prime Data Center Network Manager (DCNM) and obtain arbitrary files from the target system with system or root privileges.

The vendor has assigned bug ID CSCus00241 to this vulnerability.

Andrea Micalizzi (rgod) reported this vulnerability (via HP's Zero Day Initiative).

Impact:   A remote user can obtain arbitrary files from the target system.
Solution:   The vendor has issued a fix (7.1(1)).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm
Cause:   Access control error
Underlying OS:  Linux (Red Hat Enterprise), Windows (2008)

Message History:   None.


 Source Message Contents

Subject:  Cisco Security Advisory: Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability

Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability

Advisory ID: cisco-sa-20150401-dcnm

Revision 1.0

For Public Release 2015 April 1 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Prime Data Center Network Manager (DCNM) contains a file
information disclosure vulnerability that could allow an
unauthenticated, remote attacker to retrieve arbitrary files from the
underlying operating system.

Cisco has released free software updates that address this
vulnerability.

Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm

Copyright 2021, SecurityGlobal.net LLC