Lucene search
Andrea Micalizzi aka rgodZDI-13-256HistoryNov 24, 2013 - 12:00 a.m.
Cisco Data Center Network Manager downloadServlet Remote Information Disclosure Vulnerability
2013-11-2400:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
13
0.066 Low
EPSS
Percentile
93.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. Without prior authentication, an attacker could invoke the DownloadServlet to disclose an arbitrary file from the file system. With this information, a remote attacker could abuse this to execute arbitrary code against the target server.
Related
cve
cve
CVE-2013-5487
2022-10-03 16:14:55
cvelist
cvelist
CVE-2013-5487
2022-10-03 16:14:55
nvd
nvd
CVE-2013-5487
2013-09-23 10:18:59
checkpoint_advisories
checkpoint_advisories
prion
prion
Design/Logic Flaw
2013-09-23 10:18:00
nessus
nessus
cisco
cisco
Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
2013-09-18 16:00:00
securityvulns
securityvulns
Cisco Prime Data Center / Prime Central security vulnerabilities
2013-10-03 00:00:00