Lucene search
Andrea Micalizzi aka rgodZDI-13-255HistoryNov 24, 2013 - 12:00 a.m.
Cisco Data Center Network Manager fileUploadServlet Remote Code Execution Vulnerability
2013-11-2400:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
12
0.972 High
EPSS
Percentile
99.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadServlet. Multiple arguments of a multipart form request are vulnerable to directory traversal attacks. A remote attacker can abuse this to execute remote code under the context of the SYSTEM user.
Related
zdi
zdi
zdt
zdt
Cisco Prime Data Center Network Manager Arbitrary File Upload
2013-12-03 00:00:00
Cisco Prime Data Center Network Manager Arbitrary File Upload Vulnerability
2013-12-03 00:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2013-5486
2013-09-23 10:18:59
nvd
nvd
CVE-2013-5486
2013-09-23 10:18:59
packetstorm
packetstorm
Cisco Prime Data Center Network Manager Arbitrary File Upload
2013-12-03 00:00:00
cvelist
cvelist
CVE-2013-5486
2013-09-23 10:00:00
prion
prion
Directory traversal
2013-09-23 10:18:00
cisco
cisco
Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
2013-09-18 16:00:00
nessus
nessus
securityvulns
securityvulns
Cisco Prime Data Center / Prime Central security vulnerabilities
2013-10-03 00:00:00