⚠ Actively exploited
Added to CISA KEV on 2022-03-25. Federal agencies required to patch by 2022-04-15. Required action: Apply updates per vendor instructions..
CVE-2015-0666 — Path Traversal in Cisco Prime Data Center Network Manager
Severity
7.5HIGHNVD
EPSS
53.1%
top 2.03%
CISA KEV
KEV
Added 2022-03-25
Due 2022-04-15
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedApr 3
KEV addedMar 25
KEV dueApr 15
Latest updateMay 17
CISA Required Action: Apply updates per vendor instructions.
Description
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages1 packages
🔴Vulnerability Details
3GHSA▶
GHSA-hgq8-fc97-42ff: Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7↗2022-05-17
CVEList▶
CVE-2015-0666: Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7↗2015-04-03