Lucene search
Andrea Micalizzi aka rgodZDI-13-254HistoryNov 24, 2013 - 12:00 a.m.
Cisco Data Center Network Manager processImageSave_jsp Remote Code Execution Vulnerability
2013-11-2400:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
18
0.972 High
EPSS
Percentile
99.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processImageSave_jsp servlet which contains an arbitrary file creation vulnerability. When the ‘mode’ argument of a GET request is set to ‘save’, a remote attacker can specify other arguments that allow for control of the data and location of the file. A remote attacker can abuse this to execute remote code under the context of the SYSTEM user.
Related
zdi
zdi
zdt
zdt
Cisco Prime Data Center Network Manager Arbitrary File Upload
2013-12-03 00:00:00
Cisco Prime Data Center Network Manager Arbitrary File Upload Vulnerability
2013-12-03 00:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2013-5486
2013-09-23 10:18:59
nvd
nvd
CVE-2013-5486
2013-09-23 10:18:59
packetstorm
packetstorm
Cisco Prime Data Center Network Manager Arbitrary File Upload
2013-12-03 00:00:00
cvelist
cvelist
CVE-2013-5486
2013-09-23 10:00:00
prion
prion
Directory traversal
2013-09-23 10:18:00
cisco
cisco
Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
2013-09-18 16:00:00
nessus
nessus
securityvulns
securityvulns
Cisco Prime Data Center / Prime Central security vulnerabilities
2013-10-03 00:00:00