CVE-2013-5486: OS Command Injection
First published: Mon Sep 23 2013(Updated: )
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Prime Data Center Network Manager | =4.1\(2\) | |
| Cisco Prime Data Center Network Manager | =4.1\(3\) | |
| Cisco Prime Data Center Network Manager | =4.1\(4\) | |
| Cisco Prime Data Center Network Manager | =4.1\(5\) | |
| Cisco Prime Data Center Network Manager | =4.2\(1\) | |
| Cisco Prime Data Center Network Manager | =4.2\(3\) | |
| Cisco Prime Data Center Network Manager | =5.0\(2\) | |
| Cisco Prime Data Center Network Manager | =5.0\(3\) | |
| Cisco Prime Data Center Network Manager | =5.1\(1\) | |
| Cisco Prime Data Center Network Manager | =5.1\(2\) | |
| Cisco Prime Data Center Network Manager | =5.1\(3u\) | |
| Cisco Prime Data Center Network Manager | =5.2\(2\) | |
| Cisco Prime Data Center Network Manager | =5.2\(2a\) | |
| Cisco Prime Data Center Network Manager | =5.2\(2b\) | |
| Cisco Prime Data Center Network Manager | =5.2\(2c\) | |
| Cisco Prime Data Center Network Manager | =5.2\(2e\) | |
| Cisco Prime Data Center Network Manager | =6.1\(1a\) | |
| Cisco Prime Data Center Network Manager | =6.1\(1b\) | |
| Cisco Prime Data Center Network Manager | <=6.1\(1b\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/cisco
- canonical/cisco prime data center network manager
- version/cisco prime data center network manager/4.1\(2\)
- version/cisco prime data center network manager/4.1\(3\)
- version/cisco prime data center network manager/4.1\(4\)
- version/cisco prime data center network manager/4.1\(5\)
- version/cisco prime data center network manager/4.2\(1\)
- version/cisco prime data center network manager/4.2\(3\)
- version/cisco prime data center network manager/5.0\(2\)
- version/cisco prime data center network manager/5.0\(3\)
- version/cisco prime data center network manager/5.1\(1\)
- version/cisco prime data center network manager/5.1\(2\)
- version/cisco prime data center network manager/5.1\(3u\)
- version/cisco prime data center network manager/5.2\(2\)
- version/cisco prime data center network manager/5.2\(2a\)
- version/cisco prime data center network manager/5.2\(2b\)
- version/cisco prime data center network manager/5.2\(2c\)
- version/cisco prime data center network manager/5.2\(2e\)
- version/cisco prime data center network manager/6.1\(1a\)
- version/cisco prime data center network manager/6.1\(1b\)