CVE-2018-0464: Cisco Data Center Network Manager Path Traversal Vulnerability
First published: Fri Oct 05 2018(Updated: )
A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Prime Data Center Network Manager | =6.3\(1\) | |
| Cisco Prime Data Center Network Manager | =6.3\(2\) | |
| Cisco Prime Data Center Network Manager | =7.0\(1\) | |
| Cisco Prime Data Center Network Manager | =7.0\(2\) | |
| Cisco Prime Data Center Network Manager | =7.1\(1\) | |
| Cisco Prime Data Center Network Manager | =10.0 | |
| Cisco Prime Data Center Network Manager | =10.1 | |
| Cisco Prime Data Center Network Manager | =10.2 | |
| Cisco Prime Data Center Network Manager | =10.3\(1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-0464?
CVE-2018-0464 is a vulnerability in Cisco Data Center Network Manager software that allows an authenticated remote attacker to conduct directory traversal attacks and gain access to sensitive files.
What is the severity of CVE-2018-0464?
CVE-2018-0464 has a severity rating of 8.1 (high).
Which software versions are affected by CVE-2018-0464?
Cisco Prime Data Center Network Manager versions 6.3(1), 6.3(2), 7.0(1), 7.0(2), 7.1(1), 10.0, 10.1, 10.2, and 10.3(1) are affected by CVE-2018-0464.
How can an attacker exploit CVE-2018-0464?
An attacker can exploit CVE-2018-0464 by sending specially crafted requests to the management interface of the targeted system.
Where can I find more information about CVE-2018-0464?
More information about CVE-2018-0464 can be found on the following websites: SecurityFocus, SecurityTracker, and Cisco's Security Advisory.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/author
- agent/weakness
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/tags
- vendor/cisco
- canonical/cisco prime data center network manager
- version/cisco prime data center network manager/6.3\(1\)
- version/cisco prime data center network manager/6.3\(2\)
- version/cisco prime data center network manager/7.0\(1\)
- version/cisco prime data center network manager/7.0\(2\)
- version/cisco prime data center network manager/7.1\(1\)
- version/cisco prime data center network manager/10.0
- version/cisco prime data center network manager/10.1
- version/cisco prime data center network manager/10.2
- version/cisco prime data center network manager/10.3\(1\)