CVE-2013-5486
Published 2013-09-23
Priority: P179 · critical · CVSS 2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploit: public (see the Exploit-DB and Metasploit entries below)
EPSS: 75.96% (99.5th percentile)
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | prime_data_center_network_manager | <= 6.1(1b) | — |
| cisco | prime_data_center_network_manager | — | — |
Detection & IOCs
Command: POST /cues_utility/charts/processImageSave.jsp mode=save&savefile=true&chartid=<traversal>/<filename>%00&data=<base64>
Path: C:\Program Files\Cisco Systems\dcm\jboss-4.2.2.GA\server\fm\tmp\deploy\tmp3409372432509144123dcm-exp.war\cues_utility\charts
- Detect POST requests to processImageSave.jsp with directory traversal sequences in the 'chartid' parameter, especially those containing null byte (%00) injection.
- Monitor for WAR file drops in the JBoss autodeploy directory (jboss-4.2.2.GA/server/fm/deploy) as a sign of successful exploitation leading to RCE.
- Alert on HTTP 200 responses from processImageSave.jsp containing the string 'success' following a POST with traversal in chartid, indicating a successful file upload.
- Look for unauthenticated POST requests to /cues_utility/charts/processImageSave.jsp with POST parameters mode=save and savefile=true as exploitation indicators.
- Detect subsequent GET requests to randomly named application paths following a WAR upload, which indicate JBoss autodeploy payload triggering.
- The exploit has been confirmed against Cisco Prime DCNM 6.1(2) on Windows 2008 R2 (64-bit); the traversal depth (../../../../../deploy) is specific to this version and OS path layout.
- The vulnerability is fixed in Cisco Prime DCNM 6.2(1) and later; detection rules should focus on versions prior to 6.2(1).
- Multiple distinct bug IDs are associated with this CVE (CSCue77035, CSCue77036), indicating the vulnerability may manifest in more than one component of DCNM.
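The request-side checks listed above can be combined into one scoring function. The following is an added example, not code from any of the indexed sources; it assumes the proxy or WAF in front of DCNM logs POST bodies and response text, and the record layout, indicator labels and sample records are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Lower-cased endpoint from the page; the documented target runs on Windows,
# where URL-to-file mapping is case-insensitive.
TARGET = "/cues_utility/charts/processimagesave.jsp"
TRAVERSAL = re.compile(r"\.\.[/\\]")  # ../ or ..\ once the value is decoded


def score_request(method, path, body, status=None, response_text=""):
    """Return indicator labels (hypothetical names) for one logged request."""
    if method.upper() != "POST" or path.split("?")[0].lower() != TARGET:
        return []
    hits = ["post_to_processImageSave"]
    params = {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if params.get("mode") == "save" and params.get("savefile") == "true":
        hits.append("save_mode")
    chartid = params.get("chartid", "")
    for _ in range(3):  # parse_qs decoded once; peel extra encoding layers
        chartid = unquote(chartid)
    if TRAVERSAL.search(chartid):
        hits.append("chartid_traversal")
    if "\x00" in chartid:
        hits.append("chartid_null_byte")
    if (status == 200 and "success" in response_text.lower()
            and "chartid_traversal" in hits):
        hits.append("upload_reported_success")
    return hits


# Constructed records (method, path, body, status, response text); not real traffic.
SAMPLE = [
    ("POST", "/cues_utility/charts/processImageSave.jsp",
     "mode=save&savefile=true&chartid=..%2F..%2Fdeploy%2Fconstructed.war%00&data=QUJD",
     200, "success"),
    ("POST", "/cues_utility/charts/processImageSave.jsp",
     "mode=save&savefile=true&chartid=chart42&data=QUJD", 200, "success"),
    ("GET", "/cues_utility/charts/processImageSave.jsp", "", 200, ""),
]


def triage(records):
    """Return (index, hits) for records whose chartid carries traversal or a null byte."""
    flagged = {"chartid_traversal", "chartid_null_byte"}
    scored = ((i, score_request(*rec)) for i, rec in enumerate(records))
    return [(i, hits) for i, hits in scored if flagged & set(hits)]


if __name__ == "__main__":
    for index, hits in triage(SAMPLE):
        print(index, hits)
```

Pair a hit from this function with file-integrity monitoring on the JBoss deploy directory, since the request alone does not show whether the write succeeded.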
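CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 10.0 | CRITICAL | — |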
Cisco
Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
vendor_cisco · 2013-09-18 · CVSS 10.0
CVE-2013-5486 [CRITICAL] CWE-200
Cisco Prime Data Center Network Manager (DCNM) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to disclose file components, and access text files on an affected device. Various components of Cisco Prime DCNM are affected. These vulnerabilities can be exploited independently on the same device; however, a release that is affected by one of the vulnerabilities may not be affected by the others.
Cisco Prime DCNM is affected by the following vulnerabilities:
- Cisco Prime DCNM Information Disclosure Vulnerability
- Cisco Prime DCNM Remote Command Execution Vulnerabilities
- Cisco Prime DCNM XML External Entity Injection Vulnerability
Cisco has released software updates that address these
GHSA
GHSA-vwcq-hv4g-5p69: Directory traversal vulnerability in processImageSave
ghsa_unreviewed · 2022-05-17
CVE-2013-5486 [HIGH] CWE-78
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
No detection rules found.
Exploit-DB
Cisco Prime Data Center Network Manager - Arbitrary File Upload (Metasploit)
exploitdb · 2013-12-03
CVE-2013-5486
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Cisco Prime Data Center Network Manager Arbitrary File Upload',
'Description' => %q{
This module exploits a code execution flaw in Cisco Data Center Network Manager. The
vulnerability exists in processImageSave.jsp, which can be abused through a directory
traversal and a null byte injection to upload arbitrary files. The autodeploy JBoss
application server feature is used to achieve remote code execution. This module has been
tested successfully on Cisco Prime Data Center Network Manager 6.1(2) on Windows 2008 R2
(64 bits).
},
'Author'
Metasploit
Cisco Prime Data Center Network Manager Arbitrary File Upload
metasploit
This module exploits a code execution flaw in Cisco Data Center Network Manager. The vulnerability exists in processImageSave.jsp, which can be abused through a directory traversal and a null byte injection to upload arbitrary files. The autodeploy JBoss application server feature is used to achieve remote code execution. This module has been tested successfully on Cisco Prime Data Center Network Manager 6.1(2) on Windows 2008 R2 (64 bits).
No writeups or analysis indexed.
Published: 2013-09-23