CVE-2018-0464 – Cisco Data Center Network Manager Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2018-0464
A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system. Una vulnerabilidad en el software Cisco Data Center Network Manager podría permitir a un atacante remoto autenticado llevar a cabo ataques de salto de directorio y obtener acceso a archivos sensibles en el sistema objetivo. • http://www.securityfocus.com/bid/105159 http://www.securitytracker.com/id/1041585 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal https://www.tenable.com/security/research/tra-2018-20 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2015-0666 – Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2015-0666
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241. Vulnerabilidad de salto de directorio en el servlet fmserver en Cisco Prime Data Center Network Manager (DCNM) anterior a 7.1(1) permite a atacantes remotos leer ficheros arbitrarios a través de un nombre de ruta manipulado, también conocido como Bug ID CSCus00241. This vulnerability allows remote attackers to read arbitrary files, and bypass authentication, on a system with vulnerable installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fmserver servlet which is vulnerable to a directory traversal. An attacker can leverage this vulnerability to read arbitrary files, including operating system files, as the service is installed with SYSTEM privileges by default. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm http://www.securitytracker.com/id/1032009 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2014-3329
https://notcve.org/view.php?id=CVE-2014-3329
Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620. Vulnerabilidad de XSS en el componente del servidor web en Cisco Prime Data Center Network Manager (DCNM) 6.3(2) y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCum86620. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3329 http://tools.cisco.com/security/center/viewAlert.x?alertId=35065 http://www.securityfocus.com/bid/68926 http://www.securitytracker.com/id/1030652 https://exchange.xforce.ibmcloud.com/vulnerabilities/94889 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •