4 matches found
Cisco Data Center Network Manager Unauthenticated File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Data Center Network Manager Unauthenticated File Download', 'Description' = %q DCNM exposes a servlet to download files on...
CVE-2019-1621
creationtimestamp| type| source ---|---|--- 2020-07-16 15:38:10+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/networking/ciscodcnmdownload.rb 2025-02-06 03:13:44+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:13+00:00| see...
Cisco Data Center Network Manager Unauthenticated File Download
DCNM exposes a servlet to download files on /fm/downloadServlet. An authenticated user can abuse this servlet to download arbitrary files as root by specifying the full path of the file. This module was tested on the DCNM Linux virtual appliance 10.42, 11.01 and 11.11, and should work on a few...
CVE-2019-1621
CVE-2019-1621 affects Cisco Data Center Network Manager (DCNM) web-based management interface. The issue stems from incorrect permissions settings that could allow an unauthenticated, remote attacker to download arbitrary files from the device via the web servlet (e.g., /fm/downloadServlet). Conn...