Cisco Data Center Network Manager Privilege Escalation (cisco-sa-20180905-cdcnm-escalation)

According to its self-reported version, Cisco Data Center Network Manager is prior to version 11.01 and is, therefore, affected by a privilege escalation vulnerability in the web-based management interface due to incomplete validation of user input. An authenticated attacker could exploit this...

Cisco Data Center Network Manager Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Data Center Network Manager Unauthenticated Remote Code Execution', 'Description' = %q DCNM exposes a file upload servlet FileUploadServlet...

Cisco Data Center Network Manager Unauthenticated Remote Code Execution

DCNM exposes a file upload servlet FileUploadServlet at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication...

Cisco Data Center Network Manager Arbitrary File Upload Vulnerability

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. An arbitrary file upload vulnerability exists in the web-based management interfac...