CVE-2012-5417Sensitive Information Exposure in Cisco Prime Data Center Network Manager

CWE-264CWE-200Sensitive Information Exposure4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
2.5%
top 14.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Prime Data Center Network Manager
Timeline
PublishedNov 2
Latest updateMay 17

Description

Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-qpjm-j8ww-v798: Cisco Prime Data Center Network Manager (DCNM) before 62022-05-17
CVEList
CVE-2012-5417: Cisco Prime Data Center Network Manager (DCNM) before 62012-11-02

📋Vendor Advisories

1
Cisco
Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability2012-10-31
CVE-2012-5417 — Sensitive Information Exposure in Cisco | cvebase