Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.CISCO_PRIME_DCNM_6_1_2_LOCAL.NASL
HistoryJul 11, 2013 - 12:00 a.m.

Cisco Prime Data Center Network Manager RMI Remote Code Execution (credentialed check)

2013-07-1100:00:00
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
www.tenable.com
25
JSON

According to its self-reported version number, the version of Cisco Prime Data Center Network Manager (DCNM) installed on the remote host is affected by a remote code execution vulnerability. Unauthorized users have access to the JBoss Application Server Remote Method Invocation services. A remote, unauthenticated attacker could exploit this to execute arbitrary code as SYSTEM (on Windows) or root (on Linux).

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(67248);
  script_version("1.13");
  script_cvs_date("Date: 2018/11/15 20:50:22");

  script_cve_id("CVE-2007-1036", "CVE-2012-5417");
  script_bugtraq_id(56348);
  script_xref(name:"CERT", value:"632656");
  script_xref(name:"CISCO-BUG-ID", value:"CSCtz44924");
  script_xref(name:"CISCO-BUG-ID", value:"CSCua31204");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20121031-dcnm");

  script_name(english:"Cisco Prime Data Center Network Manager RMI Remote Code Execution (credentialed check)");
  script_summary(english:"Checks DCNM version number");

  script_set_attribute(attribute:"synopsis", value:
"A network management system installed on the remote is affected by a
remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the version of Cisco
Prime Data Center Network Manager (DCNM) installed on the remote host
is affected by a remote code execution vulnerability. Unauthorized
users have access to the JBoss Application Server Remote Method
Invocation services. A remote, unauthenticated attacker could exploit
this to execute arbitrary code as SYSTEM (on Windows) or root (on
Linux).");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2ef95f6c");
  script_set_attribute(attribute:"solution", value:"Upgrade to Cisco Prime Data Center Network Manager 6.1(2) or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-12-667");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'JBoss JMX Console Deployer Upload and Execute');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(264);

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/20"); 
  script_set_attribute(attribute:"patch_publication_date", value:"2012/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:prime_data_center_network_manager");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gain a shell remotely");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies("cisco_prime_dcnm_installed_win.nasl", "cisco_prime_dcnm_installed_linux.nasl");
  script_require_ports("installed_sw/Cisco Prime DCNM");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

appname = "Cisco Prime DCNM";

get_install_count(app_name:appname, exit_if_zero:TRUE);
install = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);

ver  = install['version'];
path = install['path'];
display_ver = install['display_version'];

fix = '6.1.2.0';
display_fix = '6.1(2)';

if (ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0)
  audit(AUDIT_INST_VER_NOT_VULN, appname, display_ver);

# Could be Windows or *nix
port = get_kb_item('SMB/transport');
if (!port) port = 0;

if (report_verbosity > 0)
{
  if (isnull(display_ver))
    display_ver = ver;

  report =
    '\n  Path              : ' + path +
    '\n  Installed version : ' + display_ver +
    '\n  Fixed version     : ' + display_fix + '\n';
  security_hole(port:port, extra:report);
}
else security_hole(port);
VendorProductVersionCPE
ciscoprime_data_center_network_managercpe:/a:cisco:prime_data_center_network_manager

Related

nessus 2
cve 3
securityvulns 2
cisco 1
prion 3
packetstorm 1
openvas 1
cert 1
hackerone 1
attackerkb 1
nessus
nessus
Cisco Prime Data Center Network Manager RMI Remote Code Execution (uncredentialed check)
2013-07-11 00:00:00
Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Multiple Vulnerabilities
2013-10-14 00:00:00
cve
cve
CVE-2012-5417
2012-11-02 04:46:00
CVE-2007-1036
2007-02-21 11:28:00
CVE-2013-4810
2013-09-16 13:01:00
securityvulns
securityvulns
Cisco Prime Data Center Network Manager code execution
2013-05-09 00:00:00
JBoss insecure defaults
2007-02-23 00:00:00
cisco
cisco
Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
2012-10-31 16:00:00
prion
prion
Design/Logic Flaw
2012-11-02 04:46:00
Authentication flaw
2007-02-21 11:28:00
Design/Logic Flaw
2013-09-16 13:01:00
packetstorm
packetstorm
JBoss DeploymentFileRepository WAR Deployment
2012-09-05 00:00:00
openvas
openvas
Red Hat JBoss Application Server (AS) Console and Web Management Misconfiguration Vulnerability - Active Check
2019-07-12 00:00:00
cert
cert
JBoss Application Server may not properly restrict access to the administrative interface
2007-02-20 00:00:00
hackerone
hackerone
Starbucks: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/
2019-02-27 10:58:19
attackerkb
attackerkb
CVE-2013-4810
2013-09-16 00:00:00
JSON
Related for CISCO_PRIME_DCNM_6_1_2_LOCAL.NASL
nessus2cve3securityvulns2cisco1prion3packetstorm1openvas1cert1hackerone1attackerkb1