VDB-124857 · CVE-2018-0464 · BID 105159

Cisco Data Center Network Manager 11.0(1) Management Interface kataloggenomgång

Det var en kritiskt svag punkt upptäcktes i Cisco Data Center Network Manager 11.0(1). Som påverkar en okänd funktion av komponenten Management Interface. En uppgradering att åtgärda problemet. En möjlig åtgärd har utfärdats före och inte efter offentliggörandet.

Fält06/10/2018 07:5030/03/2020 10:45
securityfocus_titleCisco Data Center Network Manager CVE-2018-0464 Directory Traversal VulnerabilityCisco Data Center Network Manager CVE-2018-0464 Directory Traversal Vulnerability
nessus_id112019112019
nessus_nameCisco Prime Data Center Network Manager < 11.0(1) Download Servlet Path Traversal VulnerabilityCisco Prime Data Center Network Manager < 11.0(1) Download Servlet Path Traversal Vulnerability
nessus_filenamecisco_dcnm_download_servlet_path_traversal.naslcisco_dcnm_download_servlet_path_traversal.nasl
nessus_riskMediumMedium
nessus_familyCISCOCISCO
nessus_typeremoteremote
nessus_date1534809600 (21/08/2018)1534809600 (21/08/2018)
qualys_id8734787347
qualys_titleCisco Data Center Network Manager Path Traversal VulnerabilityCisco Data Center Network Manager Path Traversal Vulnerability
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcCC
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss3_nvd_basescore8.18.1
vendorCiscoCisco
nameData Center Network ManagerData Center Network Manager
version11.0(1)11.0(1)
componentManagement InterfaceManagement Interface
cwe22 (kataloggenomgång)22 (kataloggenomgång)
risk22
cvss2_vuldb_basescore6.06.0
cvss2_vuldb_tempscore5.25.2
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auSS
cvss2_nvd_ciPP
cvss2_nvd_iiPP
cvss2_nvd_aiNN
cvss3_meta_basescore7.27.2
cvss3_meta_tempscore6.86.8
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore6.06.0
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prLL
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iHH
cvss3_nvd_aNN
date1538690400 (05/10/2018)1538690400 (05/10/2018)
locationWebsiteWebsite
typeAdvisoryAdvisory
urlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversalhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal
identifiercisco-sa-20180828-dcnm-traverscisco-sa-20180828-dcnm-travers
price_0day$5k-$25k$5k-$25k
nameUpgradeUpgrade
date1531173600 (10/07/2018)1531173600 (10/07/2018)
cveCVE-2018-0464CVE-2018-0464
cve_assigned1511733600 (26/11/2017)1511733600 (26/11/2017)
cve_nvd_published15386976001538697600
cve_nvd_summaryA vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system.A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system.
securityfocus105159105159
securityfocus_classInput Validation Error
discoverydate1535414400
securityfocus_date1535414400 (28/08/2018)

TidigareÖversiktNästa

Interested in the pricing of exploits?

See the underground prices here!