What is the severity of cisco-sa-20200102-dcnm-path-trav?

The severity of cisco-sa-20200102-dcnm-path-trav is considered high due to the potential for directory traversal attacks.

How do I fix cisco-sa-20200102-dcnm-path-trav?

To fix cisco-sa-20200102-dcnm-path-trav, apply the recommended software patches provided by Cisco for the affected versions of DCNM.

What systems are affected by cisco-sa-20200102-dcnm-path-trav?

Cisco Data Center Network Manager (DCNM) is affected by cisco-sa-20200102-dcnm-path-trav, impacting its REST and SOAP API endpoints.

Can cisco-sa-20200102-dcnm-path-trav be exploited remotely?

Yes, cisco-sa-20200102-dcnm-path-trav can be exploited by an authenticated, remote attacker.

What are the potential impacts of cisco-sa-20200102-dcnm-path-trav?

The potential impacts of cisco-sa-20200102-dcnm-path-trav include unauthorized access to sensitive files and data on the device.

Vulnerability/
cisco-sa-20200102-dcnm-path-trav

high

7.2

CWE

2/1/2020

cisco-sa-20200102-dcnm-path-trav: Cisco Data Center Network Manager Path Traversal Vulnerabilities

First published: Thu Jan 02 2020(Updated: )

Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav

Credit: Steven Seeley (mr_me) Source Incite Trend MicroiDefense Accenture for reporting these vulnerabilities.

Affected Software	Affected Version	How to fix
Cisco Prime Data Center Network Manager (DCNM)

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-path-trav (Advisory)

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of cisco-sa-20200102-dcnm-path-trav?
The severity of cisco-sa-20200102-dcnm-path-trav is considered high due to the potential for directory traversal attacks.
How do I fix cisco-sa-20200102-dcnm-path-trav?
To fix cisco-sa-20200102-dcnm-path-trav, apply the recommended software patches provided by Cisco for the affected versions of DCNM.
What systems are affected by cisco-sa-20200102-dcnm-path-trav?
Cisco Data Center Network Manager (DCNM) is affected by cisco-sa-20200102-dcnm-path-trav, impacting its REST and SOAP API endpoints.
Can cisco-sa-20200102-dcnm-path-trav be exploited remotely?
Yes, cisco-sa-20200102-dcnm-path-trav can be exploited by an authenticated, remote attacker.
What are the potential impacts of cisco-sa-20200102-dcnm-path-trav?
The potential impacts of cisco-sa-20200102-dcnm-path-trav include unauthorized access to sensitive files and data on the device.

agent/type
agent/event
agent/first-publish-date
agent/last-modified-date
collector/cisco-advisory
source/Cisco
agent/author
agent/weakness
agent/title
agent/severity
agent/references
agent/description
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco prime data center network manager (dcnm)