Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-5486OS Command Injection in Cisco Prime Data Center Network Manager

CWE-78OS Command InjectionCWE-200Sensitive Information Exposure5 documents5 sources
Severity
10.0CRITICALNVD
EPSS
88.7%
top 0.49%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco Prime Data Center Network Manager
Timeline
PublishedSep 23
Latest updateMay 17

Description

Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-vwcq-hv4g-5p69: Directory traversal vulnerability in processImageSave2022-05-17
CVEList
CVE-2013-5486: Directory traversal vulnerability in processImageSave2013-09-23

💥Exploits & PoCs

1
Exploit-DB
Cisco Prime Data Center Network Manager - Arbitrary File Upload (Metasploit)2013-12-03

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco Prime Data Center Network Manager2013-09-18
CVE-2013-5486 — OS Command Injection in Cisco | cvebase