CVE-2017-6639Missing Authorization in Cisco Prime Data Center Network Manager

CWE-16CWE-862Missing Authorization4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
33.8%
top 3.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Prime Data Center Network Manager
Timeline
PublishedJun 8
Latest updateMay 13

Description

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDcisco/prime_data_center_network_manager10.1.0, 10.1\(1\), 10.1\(2\)+2

🔴Vulnerability Details

2
GHSA
GHSA-g5qh-px86-xw7j: A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated2022-05-13
CVEList
CVE-2017-6639: A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated2017-06-08

📋Vendor Advisories

1
Cisco
Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability2017-06-07
CVE-2017-6639 — Missing Authorization in Cisco | cvebase