CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 1CVE-2018-0464 – Cisco Data Center Network Manager Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2018-0464
05 Oct 2018 — A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or cr... • http://www.securityfocus.com/bid/105159 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0258
https://notcve.org/view.php?id=CVE-2018-0258
02 May 2018 — A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727. Una vulnerabilidad en el servlet Cisco Prime File Upload que afecta a ... • http://www.securityfocus.com/bid/104074 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2017-6640
https://notcve.org/view.php?id=CVE-2017-6640
08 Jun 2017 — A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could e... • https://github.com/hemp3l/CVE-2017-6640-POC • CWE-264: Permissions, Privileges, and Access Controls CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 52%CPEs: 3EXPL: 0CVE-2017-6639 – HPE Security Bulletin HPESB3P03762 1
https://notcve.org/view.php?id=CVE-2017-6639
08 Jun 2017 — A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debug... • http://www.securityfocus.com/bid/98935 • CWE-16: Configuration CWE-862: Missing Authorization •