CVSS: 8.1EPSS: 1%CPEs: 9EXPL: 1CVE-2018-0464 – Cisco Data Center Network Manager Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2018-0464
A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system. Una vulnerabilidad en el software Cisco Data Center Network Manager podría permitir a un atacante remoto autenticado llevar a cabo ataques de salto de directorio y obtener acceso a archivos sensibles en el sistema objetivo. • http://www.securityfocus.com/bid/105159 http://www.securitytracker.com/id/1041585 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal https://www.tenable.com/security/research/tra-2018-20 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 97%CPEs: 4EXPL: 0CVE-2015-0666 – Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2015-0666
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241. Vulnerabilidad de salto de directorio en el servlet fmserver en Cisco Prime Data Center Network Manager (DCNM) anterior a 7.1(1) permite a atacantes remotos leer ficheros arbitrarios a través de un nombre de ruta manipulado, también conocido como Bug ID CSCus00241. This vulnerability allows remote attackers to read arbitrary files, and bypass authentication, on a system with vulnerable installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fmserver servlet which is vulnerable to a directory traversal. An attacker can leverage this vulnerability to read arbitrary files, including operating system files, as the service is installed with SYSTEM privileges by default. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm http://www.securitytracker.com/id/1032009 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •