Cisco Prime Data Center Network Manager vulnerabilities

CVE-2020-3539 [MEDIUM] CWE-285 CVE-2020-3539: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) co A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit access to resources that are intended for users with Administrator privileges. An attacker could ex

CVE-2018-0464 [HIGH] CWE-22 CVE-2018-0464: A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote a A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by send

CVE-2018-0258 [CRITICAL] CWE-22 CVE-2018-0258: A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later,

CVE-2018-0144 [MEDIUM] CWE-79 CVE-2018-0144: A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager cou A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-

CVE-2017-6639 [CRITICAL] CWE-16 CVE-2017-6639: A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Net A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanism

CVE-2017-6640 [CRITICAL] CWE-264 CVE-2017-6640: A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenti A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected softw

CVE-2015-0666 [HIGH] CWE-22 CVE-2015-0666: Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.

CVE-2014-3329 [MEDIUM] CWE-79 CVE-2014-3329: Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Netw Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620.

CVE-2013-5486 [CRITICAL] CWE-78 CVE-2013-5486: Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Cen Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy function

CVE-2013-5487 [HIGH] CWE-200 CVE-2013-5487: DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attack DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029.

CVE-2013-5490 [HIGH] CWE-200 CVE-2013-5490: Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitra Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148.

CVE-2012-5417 [CRITICAL] CWE-264 CVE-2012-5417: Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to ce Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924.