4 results (0.005 seconds)

CVSS: 6.4EPSS: 96%CPEs: 1EXPL: 0

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365. • http://www.securityfocus.com/bid/101527 http://www.securitytracker.com/id/1039623 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0

Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892. Cisco Prime Network Analysis Module (NAM) en versiones anteriores a 6.1(1) patch.6.1-2-final y 6.2.x en versiones anteriores a 6.2(1) y Prime Virtual Network Analysis Module (vNAM) en versiones anteriores a 6.1(1) patch.6.1-2-final y 6.2.x en versiones anteriores a 6.2(1) permiten a usuarios locales obtener acceso root a través de una entrada CLI manipulada, también conocido como Bug ID CSCuy21892. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime1 http://www.securitytracker.com/id/1036015 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0

Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889. Cisco Prime Network Analysis Module (NAM) en versiones anteriores a 6.1(1) patch.6.1-2-final y 6.2.x en versiones anteriores a 6.2(2) y Prime Virtual Network Analysis Module (vNAM) en versiones anteriores a 6.1(1) patch.6.1-2-final y 6.2.x en versiones anteriores a 6.2(2) permite a usuarios remotos autenticados ejecutar comandos de SO arbitrarios a través de una petición HTTP manipulada, también conocido como Bug ID CSCuy21889. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime2 http://www.securitytracker.com/id/1036014 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0

Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882. Cisco Prime Network Analysis Module (NAM) en versiones anteriores a 6.1(1) patch.6.1-2-final y 6.2.x en versiones anteriores a 6.2(1) y Prime Virtual Network Analysis Module (vNAM) en versiones anteriores a 6.1(1) patch.6.1-2-final y 6.2.x en versiones anteriores a 6.2(1) permiten a atacantes remotos ejecutar comandos de SO arbitrarios a través de una petición HTTP manipulada, también conocido como Bug ID CSCuy21882. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime http://www.securitytracker.com/id/1036013 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •