CVE-2018-0464 — Path Traversal in Cisco Data Center Network Manager

CWE-22 — Path Traversal4 documents4 sources

Severity

8.1HIGHNVD

EPSS

2.2%

top 15.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Data Center Network Manager Cisco Prime Data Center Network Manager

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker t…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5cisco/cisco_data_center_network_managern/a

▶NVDcisco/prime_data_center_network_manager9 versions+8

🔴Vulnerability Details

GHSA

GHSA-765j-3735-w74r: A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and↗2022-05-13

▶

CVEList

Cisco Data Center Network Manager Path Traversal Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco Data Center Network Manager Path Traversal Vulnerability↗2018-08-28

▶