CVE-2013-5490
published 2013-09-23CVE-2013-5490: Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in…
PriorityP341high7.8CVSS 2.0
AVNACLAuNCCINAN
EPSS
1.71%
74.4th percentile
Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | prime_data_center_network_manager | <= 6.1\(1b\) | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
| cisco | prime_data_center_network_manager | — | — |
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:C/I:N/A:N
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
vendor_cisco·2013-09-18·CVSS 10.0
CVE-2013-5486 [CRITICAL] CWE-200 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
Cisco Prime Data Center Network Manager (DCNM) contains
multiple vulnerabilities that could allow an unauthenticated, remote attacker to disclose file components, and access text files on an affected device. Various components of Cisco Prime DCNM are
affected. These vulnerabilities can be exploited independently on the same device; however, a release that is affected by one of the vulnerabilities may not be affected by the others.
Cisco Prime DCNM is affected by the following vulnerabilities:
Cisco Prime DCNM Information Disclosure Vulnerability
Cisco Prime DCNM Remote Command Execution Vulnerabilities
Cisco Prime DCNM XML External Entity Injection Vulnerability
Cisco has released software updates that address these
Cisco
Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
vendor_cisco
CVE-2013-5490 Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
CVE-2013-5490: Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
Cisco Prime Data Center Network Manager (DCNM) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to disclose file components, and access text files on an affected device. Various components of Cisco Prime DCNM are affected. These vulnerabilities can be exploited independently on the same device; however, a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco Prime DCNM is affected by the following vulnerabilities: Cisco Prime DCNM Information Disclosure Vulnerability Cisco Prime DCNM Remote Command Execution Vulnerabilities Cisco Prime DCNM XML External Entity Injection Vulnerability Cisco has released software updates that addre
GHSA
GHSA-mv9w-9f6p-3qw9: Cisco Prime Data Center Network Manager (DCNM) before 6
ghsa_unreviewed·2022-05-17
CVE-2013-5490 [HIGH] CWE-200 GHSA-mv9w-9f6p-3qw9: Cisco Prime Data Center Network Manager (DCNM) before 6
Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnmhttp://www.securityfocus.com/bid/62485https://exchange.xforce.ibmcloud.com/vulnerabilities/87191http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnmhttp://www.securityfocus.com/bid/62485https://exchange.xforce.ibmcloud.com/vulnerabilities/87191
2013-09-23
Published