CVE-2013-5490 — Sensitive Information Exposure in Cisco Prime Data Center Network Manager

CWE-200 — Sensitive Information Exposure CWE-78 — OS Command Injection4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.6%

top 30.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime Data Center Network Manager

Timeline

PublishedSep 23

Latest updateMay 17

Description

Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/prime_data_center_network_manager6.1\(1b\)+18

🔴Vulnerability Details

GHSA

GHSA-mv9w-9f6p-3qw9: Cisco Prime Data Center Network Manager (DCNM) before 6↗2022-05-17

▶

CVEList

CVE-2013-5490: Cisco Prime Data Center Network Manager (DCNM) before 6↗2013-09-23

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Prime Data Center Network Manager↗2013-09-18

▶